The article provides instructions on how to configure a handler to send email notifications for each event triggered.
Scope: FortiAnalyzer.
Prerequisites:
Either the event handler has already been created, or one of the default handlers can be used.
Step 1: View and target the concerned event type:
By default, FortiAnalyzer sends one email alert when a high volume of events is received in a short time frame. The system bases the email notification on the most recent event log alert.
Go to Incidents & Events -> Event Monitor and expand the relevant event that contains many events.
Step 2: Identify the relevant event handler and create a notification profile in it:
The events received in this example are associated with a basic handler. To add a notification profile, select the relevant basic handler. Alternatively, this action can be performed through the 'Notification Profiles' menu.
After selecting the edit button, proceed by selecting the option to add a notification profile.
Step 3: Enable the 'Send each alert separately' option in the notification profile created:
This option sends each alert individually instead of in a group. Before enabling it, ensure that the email server is set up and the 'Send alert email' option is enabled.
From this point forward, an email alert will be sent to the designated email address for each event received.
Related articles:
Creating a custom event handler
Technical Tip: How to Validate Event Handler in FortiManager and FortiAnalyzer
Copyright 2024 Fortinet, Inc. All Rights Reserved.