Description This article describes how to create Event handler in FortiAnalyzer/FortiManager for Policy delete in FortiGate.
When FortiGate sends logs to FortiManager, and when FortiManager enables with FortiAnalyzer feature then, it is possible to use same event handler.
Solution 1) Create mail server.
Login to Fortianalyzer and navigate to System setting -> Mail server and select 'Create new'.
Now enter the mail server details.
2) Test Email server working status.
Select 'Mail Server' and select the mail server create in 1). Now select 'Test'. Notification message popup immediately on same page.
3) Login to Fortianalyzer and navigate to Incident and Event -> Event Handler list and select 'Create new'. Enter the details as per below screenshot: Now on same page enter the email notification details:
To: Destination Email address. From: Source Email address which is present in the mail server. Mail Server: Created in 1). Generic text: cfgpath=firewall.policy. Log Description: Object configured. Action: Delete.
Try to delete any test policy in FortiGate an email notification wii be received on the email address mentioned.