Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
smkml
Staff
Staff

Created on ‎01-02-2023 11:50 PM Edited on ‎01-08-2023 11:21 PM By Community Manager

Troubleshooting Tip: Error received when importing an event handlers file

Description This article describes how to troubleshoot if an error is received when importing an event handlers file in FortiAnalyzer.
Scope FortiAnalyzer.
Solution

Event handlers will determine what events are to be generated from Analytics Log (Log View).

 

Some custom event handlers are modified from existing predefined and need to import again to other FortiAnalyzer.

 

But somehow, it throws the error Upload Failed / Invalid file format without mentioning the cause in the GUI:

 

smkml_1-1672735155566.png

 

smkml_0-1672735102509.png

 

The error details can be seen in System Settings -> Event Log:

 

Description: Import FortiAnalyzer config failed

Message: failed to import alert(s)! error message[xxxxx]

 

smkml_0-1672734373625.png

 

 

Example error:

 

1) Fabric Connector does not exist in the FortiAnalyzer:

 

smkml_3-1672724824703.png

 

 

This can be rectified by removing/adding the Fabric Connecters in the JSON file or in GUI:

 

smkml_5-1672725081939.png

 

smkml_8-1672725430290.png

 

2) The mail server does not exist in the FortiAnalyzer:

 

smkml_4-1672724877810.png

 

This can be rectified by removing/adding the mail server in JSON file or in GUI:

 

smkml_6-1672725162627.png

 

smkml_7-1672725269895.png
Labels:
104
0 Kudos
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.