Description
This article describes how to configure email alerts for failed logins using a FortiAnalyzer event handler.
Solution
- Set up a mail server under System Settings -> Advanced -> Mail Server.

- Create a new event handler at Incidents & Events -> Handlers -> Event Handler List.
Note: In the newer versions of FortiAnalyzer (6.4.x), Incidents and Events have been replaced by FortiSOC.

- Set the 'Log Device Type' to 'FortiGate' and the 'Log Type' to 'Event Log'.
Under 'Log Field', select 'Log ID'.
Enter the values '0100044546' and '0100044547'.

- Select 'Send Alert Email'.
Enter the email address and select the 'Email Server' that was created earlier.

- Log ID values can be checked in the received logs under 'Log View'.
The 'Log ID' field can be used to filter for other log events, for example, admin login/logoff and FortiAnalyzer disconnection.
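
The filter this handler applies can be checked offline against exported FortiGate logs before relying on the alert. The following is an added example, not part of the original article or Fortinet's code: it assumes logs exported as raw key=value text, and the sample lines, their messages and the non-matching Log IDs are constructed.

```python
import re

# Log ID values entered in the event handler above.
HANDLER_LOG_IDS = {"0100044546", "0100044547"}

# key=value pairs; values are either double-quoted or a bare token.
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_kv(line):
    """Parse one raw FortiGate log line into a dict of field -> value."""
    return {key: quoted or bare for key, quoted, bare in _FIELD.findall(line)}


def handler_matches(fields):
    """Mirror the handler filter: Log Type 'Event Log' and Log ID in the list.

    Log IDs are compared as strings so the leading zero is preserved.
    """
    return fields.get("type") == "event" and fields.get("logid") in HANDLER_LOG_IDS


def matching_events(lines):
    """Return the parsed records that would trigger the alert email."""
    return [rec for rec in map(parse_kv, lines) if handler_matches(rec)]


# Constructed sample input (not real device logs).
SAMPLE_LINES = [
    'date=2024-05-01 time=10:15:02 devname="FGT-LAB" logid="0100044546" '
    'type="event" subtype="system" msg="constructed message, key=value inside"',
    'date=2024-05-01 time=10:15:09 devname="FGT-LAB" logid="0000000013" '
    'type="traffic" subtype="forward" action="accept"',
    'date=2024-05-01 time=10:16:40 devname="FGT-LAB" logid="0100044547" '
    'type="event" subtype="system" msg="constructed message two"',
    'date=2024-05-01 time=10:17:00 devname="FGT-LAB" logid="0100099999" '
    'type="event" subtype="system" msg="constructed unrelated event"',
]

if __name__ == "__main__":
    for rec in matching_events(SAMPLE_LINES):
        print(rec["date"], rec["time"], rec["devname"], rec["logid"])
```
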
Technical Tip: How to create Event handler in FortiAnalyzer for Policy delete in FortiGate
Technical Tip: How to create event handler in FortiAnalyzer for policy change in FortiGate
Technical Tip: Setting up a FortiAnalyzer event handler with a specific time schedule
Technical Tip: How to set up Email Notifications with notification.fortinet.net
Troubleshooting Tip: How to understand the email SMTP issues and its causes
Troubleshoot: FortiAnalyzer unable to resolve DNS to mail server
Technical Tip: How to configure email server on FortiAnalyzer to receive reports over email