1. Configure the SMTP server under System Settings -> Advanced -> SMTP Server and test validity.

2. Go to System Settings -> Event Log and search for ‘Warning’ Level log, with the description 'Device Offline'.

Search for the keywords 'Did not receive any log from device' from the Message field (msg) in the Event Log.

3. Go to 'root' ADOM, create an Event Handler, and an alert. Under Filters, select Level (Priority) Equal To ‘Warning’ and use Generic Text Filter (msg~'Did not receive any log from device'), as illustrated below:

Note:

If FortiAnalyzer has ADOM enabled, the ‘Local Device’ option under Event Handler -> Devices will only be available in the 'root' ADOM. Configure Notifications -> Send Alert Email to receive the alert email:

4. Test the result. Example of an alert email received by the network admin when FortiGate stops sending logs to FortiAnalyzer:

Note:

The following commands on the FortiAnalyzer will provide more information regarding the SMTP client application.

diagnose debug application fazmaild 8

diagnose debug timestamp enable

diagnose debug enable 

Related articles:

Technical Tip: How to configure an Event Handler with a generic text filter

Technical Tip: Use of Operators in Event Handler General Filter (syntax)

Technical Tip: How to set up Email Notifications with notification.fortinet.net 
Technical Tip: How to create Event Handler for FortiAnalyzer Local Events