Article Id 309142


This article describes the configuration requirements for using Amazon Simple Email Service with FortiAnalyzer.

The SES SMTP interface allows only explicit SSL over port 587 or implicit SSL over port 465. The SES servers will not send a plain-text SMTP greeting after connecting on these ports, so if the Mail Server configuration on FortiAnalyzer uses the default security setting, the connection times out and fails after 30 seconds.








To allow FortiAnalyzer to use Amazon SES as a mail server, it must connect using SMTPS. The Mail Server objects in FortiAnalyzer can be configured via the GUI under System Settings -> Advanced -> Mail Server.

However, the required setting 'secure-option smtps' is only available via the CLI. For example:


config system mail
   edit "Amazon_SES"
      set server ""
      set port 465
      set secure-option smtps
      set auth enable
      set user "<SES SMTP user name>"
      set passwd ****************************************
   next
end




The SMTP user and password in this configuration differ from the standard AWS credentials. The two types of credentials are not interchangeable.

For more information about obtaining SMTP credentials from AWS, see 'Obtaining Amazon SES SMTP credentials'.



On the FortiAnalyzer side, use the following debug commands in the CLI:


diag debug app alertmail 255
diag debug app fazmaild 255

diag debug enable



After troubleshooting, make sure to stop the debugs using the command 'diag debug reset'.

Packet capture may also be useful when troubleshooting mail server connection issues. It can be configured in the FortiAnalyzer GUI under System Settings -> Network -> Packet Capture.
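To see the timeout described above from an admin workstation, the following added example (not part of the original article or any Fortinet tooling) probes whether an SMTP listener speaks first or stays silent waiting for a TLS handshake. The names probe_smtp_port and start_fake_listener are hypothetical, and the local listeners are constructed stand-ins so the script runs offline.

```python
import socket
import threading

def probe_smtp_port(host, port, timeout=5.0):
    """Classify what an SMTP listener does before any TLS handshake.

    'silent'    - no bytes before the timeout: implicit TLS (SMTPS) listener
                  waiting for a ClientHello; a plain-text client hangs here.
    'starttls'  - plain-text 220 banner, EHLO reply advertises STARTTLS.
    'plaintext' - plain-text 220 banner, STARTTLS not offered.
    'other'     - connection closed or unexpected first bytes.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            banner = s.recv(1024)
        except socket.timeout:
            return "silent"
        if not banner.startswith(b"220"):
            return "other"
        s.sendall(b"EHLO probe.example\r\n")
        reply = b""
        try:
            # Multi-line replies use "250-"; the final line has a space there.
            while not (reply.endswith(b"\r\n")
                       and reply.split(b"\r\n")[-2][3:4] == b" "):
                chunk = s.recv(1024)
                if not chunk:
                    break
                reply += chunk
        except socket.timeout:
            pass
    return "starttls" if b"STARTTLS" in reply.upper() else "plaintext"

def start_fake_listener(speaks_first):
    """Constructed local stand-in: banner-first SMTP, or silent like SMTPS."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn:
            if speaks_first:
                conn.sendall(b"220 fake ESMTP\r\n")
                conn.recv(1024)
                conn.sendall(b"250-fake\r\n250 STARTTLS\r\n")
            conn.recv(1024)  # hold the socket open until the client leaves
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for mode in (False, True):
        port = start_fake_listener(mode)
        print(mode, probe_smtp_port("127.0.0.1", port, timeout=1.0))
```

A 'silent' result against the configured mail server and port indicates the listener expects TLS from the first byte, which is the case that requires 'secure-option smtps'.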


Related article:

Technical Tip: How to set up Email Notifications with