tnaik (Staff)
Created on 04-30-2021 08:57 AM
Edited on 11-07-2024 12:46 AM by Jean-Philippe_P
Article Id 190917
Description
This article describes how to create an Event handler in FortiAnalyzer for Policy deletion in FortiGate and send an email to the administrator.
When FortiGate sends logs to a FortiManager with FortiAnalyzer features enabled, it is possible to use the same event handler.
Solution
- Create a mail server.
Log in to FortiAnalyzer, navigate to System setting -> Mail server, and select 'Create new'.
Then enter the mail server details.

- Test that the mail server is working.
Select 'Mail Server', select the mail server created in Step 1, and then select 'Test'.
A notification message will pop up immediately on the same page.

- Log in to FortiAnalyzer, navigate to Incident and Event -> Event Handler list, and select 'Create new'.
Enter the details as per the following screenshot, and on the same page, enter the email notification details:
From: Source email address that is present in the mail server.
Mail Server: The mail server created in Step 1.
Generic text: cfgpath=firewall.policy
Log Description: Object configured
Action: Delete

Test:
When any test policy is deleted in FortiGate, an email notification is received at the email address configured in the handler.
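
The three filter values from step 3 can be checked offline against exported logs before relying on the email alert. The following is an added example, not part of the original article or Fortinet code. It assumes the raw FortiGate log keys behind the handler fields are cfgpath, logdesc and action, that user and cfgobj name the administrator and the policy ID, and it runs on constructed log lines.

```python
import shlex

# Filter values taken from step 3 of the article. The raw-log key names
# (cfgpath, logdesc, action) are assumptions about the exported log format.
HANDLER_FILTER = {
    "cfgpath": "firewall.policy",
    "logdesc": "Object configured",
    "action": "Delete",
}

def parse_log(line):
    """Split a key=value log line (values may be double-quoted) into a dict."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def matches_handler(fields, flt=HANDLER_FILTER):
    """True only when every filter key is present with exactly the expected value."""
    return all(fields.get(key) == value for key, value in flt.items())

def policy_deletions(lines):
    """Return (user, cfgobj) for each line the modelled handler would alert on."""
    hits = []
    for line in lines:
        fields = parse_log(line)
        if matches_handler(fields):
            # user and cfgobj are assumed field names; "?" marks a missing field.
            hits.append((fields.get("user", "?"), fields.get("cfgobj", "?")))
    return hits

# Constructed sample lines, not captured from a real device.
SAMPLE_LOGS = [
    'date=2024-01-10 time=09:15:02 type="event" subtype="system" logdesc="Object configured" user="admin" action="Delete" cfgpath="firewall.policy" cfgobj="12"',
    'date=2024-01-10 time=09:16:40 type="event" subtype="system" logdesc="Object attribute configured" user="admin" action="Edit" cfgpath="firewall.policy" cfgobj="12"',
    'date=2024-01-10 time=09:18:11 type="event" subtype="system" logdesc="Object configured" user="admin" action="Delete" cfgpath="firewall.address" cfgobj="srv-old"',
    'date=2024-01-10 time=09:21:55 type="event" subtype="system" logdesc="Object configured" user="jdoe" action="Delete" cfgpath="firewall.policy" cfgobj="7"',
]

if __name__ == "__main__":
    for user, policy_id in policy_deletions(SAMPLE_LOGS):
        print(f"ALERT: policy {policy_id} deleted by {user}")
```

The policy edit and the address-object deletion are not reported, which shows why all three conditions are needed together: dropping the Action or cfgpath condition would alert on every policy change or every object deletion.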