FortiManager
psalian
Staff & Editor
Article Id 197283

Description

 

This article describes how to configure email alerts for config and policy status changes on FortiManager.

 

 

Scope

 

 

FortiManager. This cannot be done on FortiManager Cloud; see: Limitations of FortiManager Cloud


Solution


To configure email alerts, the Event Handler feature is used.

Step-by-step configuration
1: Enable the FortiAnalyzer feature: Event Handler is a FortiAnalyzer feature, so it needs to be enabled first.
 Go to System Settings -> Dashboard -> System Information and toggle FortiAnalyzer features ON.
Note: Adding the FortiAnalyzer feature will double the minimum requirements!
 
systeminfo6.png
 

3: Under System Settings -> Event logs, events appear when the config status or policy status changes.

   Both events are logged under separate log types.


For policy changes, refer to the image below:

 
policychange3.png

 

For config changes, refer to the image below:

 

config_changes3.png

 
 
4: Configure the email server: Alerts are sent using this email server.
     Configure it under System Settings -> Mail Server.
 
mailserver2.png
 
5: Create an event handler for each of the two conditions.
 Go to Event Management -> Event Handler list and select 'Create new'.

Event handler for config status changes:

 

 

eventhandler2.png

 

Event handler for policy status changes:

 

 

eventhandlerpolicy2.png

 

Note: In version 7.4+, first create a data selector under "Incident & events > Data selector > Create new", choose local, and use the example provided above. Then use the data selector in the event handler.

 

6: When an event log is generated for a status change and it matches the events configured in the event handler, an email with details about the event is sent to the email addresses configured in the notification section.

 

 

7: Debugs on the FortiAnalyzer.

The following commands on the FortiAnalyzer will provide more information regarding the SMTP client application.

For FortiAnalyzer 7.6 or above, perform a flow capture:

 

diagnose debug application fazmaild 8
diagnose debug timestamp enable
diagnose debug enable


Related article:

Technical Tip: How to set up Email Notifications with notification.fortinet.net