1. Configure the elapsed time for the FortiAnalyzer to generate the event:

(setting)# show

config system locallog setting

    set log-interval-dev-no-logging 5

end

#set log-interval-dev-no-logging

<integer>    interval in minute, the range should be [5-2880] or '0' as disable

2. Check the config has been taken into account on the event system log:

id=7052242772836745216 itime=2022-01-12 10:03:44 euid=1 epid=1 dsteuid=1 dstepid=1 log_id=0001010026 subtype=system type=event level=notice time=10:03:44 date=2022-01-12 user=admin cli_act=0 cmd_from=0 path=system.locallog.setting userfrom=ssh(10.5.63.254) desc=CLI execution info session_id=58747 operation=edit performed_on=ssh(10.5.63.254) changes=path=system.locallog.setting,act=edit,log-interval-dev-no-logging=5(30) devid=FAZ-VM0000085594 dtime=2022-01-12 10:03:44 itime_t=1641978224

3. Check If the warning is received on the system setting event page when a device stops sending log after 5 minutes:

id=7052245109298954242 itime=2022-01-12 10:12:48 euid=1 epid=1 dsteuid=1 dstepid=1 log_id=0029038009 subtype=logdev type=event level=warning adom=new time=10:12:48 date=2022-01-12 user=system msg=Did not receive any log from device fgt_wifi[FG60EPTK18000036] in last 7 minutes. userfrom=system desc=Device offline logdev_id=FG60EPTK18000036 logdev_name=fgt_wifi logdev_offline_duration=7 logdev_last_logging=1641978299 operation=Device offline changes=Did not receive any log from device. devid=FAZ-VM0000085594 dtime=2022-01-12 10:12:48 itime_t=1641978768

4. Import (Did not receive any log from device.zip) attached file event Handler on FortiAnalyzer root Fabric ADOM:

5. Modify the notification email to reflect the SMTP alert destination address

6. Check that the email alert is received.