Description |
This article describes how to configure FortiManager to send email notifications for its local system event log by using the event handler feature.
If a local system event log entry matches any condition set in the event handler, an email notification is sent.
This configuration guide also applies to FortiAnalyzer. |
Scope | FortiManager, FortiAnalyzer. |
Solution |
Configuration Steps:
1) Enable the FortiAnalyzer feature in FortiManager; this requires a reboot.
OR, enable FortiManager logging to an external FortiAnalyzer server:
# config system locallog fortianalyzer setting
2) In FortiManager with the FortiAnalyzer feature or in the external FortiAnalyzer, set up the email server via System Settings -> Advanced -> Mail Server -> Create New.
3) Test the email server; the test email should be sent successfully.
4) In FortiManager with the FortiAnalyzer feature or in the external FortiAnalyzer, create an event handler under ADOM: root. The local system event log is matched against the handler's match condition and filter settings, and an email notification is sent on a match.
Note: For local system event log handling, the handler must be created under ADOM: root.
5) Make sure the handler is created on 'Local Device' if the FortiAnalyzer feature is enabled on FortiManager, then fill in the corresponding filter information, for example using logid 0002011003 to detect a FortiManager to FortiGate tunnel down.
For this example, a generic text filter matching log_id=0002011003, which corresponds to msg=fgfm connection to device Wira-kvm03 is down, is used.
log_id=0002011003 type=event subtype=fgfm level=warning desc=fgfm connection down msg=fgfm connection to device Wira-kvm03 is down user=fgfm device=Wira-kvm03 devid=FMG-VM0A17002000 itime=2022-08-01 13:44:07 date=2022-08-01 time=13:44:07 dtime=2022-08-01 13:44:07 itime_t=1659332647
Select the mail server created earlier and save the configuration.
6) If any connection between FortiManager and FortiGate is down or offline, the event count increases, and the corresponding log is visible in the system event log as well as in the Alert Message Console in the system dashboard.
7) An email notification will be received if the event log matches the event handler that has been configured.
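The following is an added example, not Fortinet code: a Python sketch for checking offline that an exported local event log line, such as the one in step 5, would match the handler's log_id filter. The function names are hypothetical, and the parser assumes the unquoted key=value layout shown in that sample line, where values such as msg and itime contain spaces.

```python
import re

# Constructed sample: the local event log line shown in step 5 of this article.
SAMPLE = (
    "log_id=0002011003 type=event subtype=fgfm level=warning "
    "desc=fgfm connection down "
    "msg=fgfm connection to device Wira-kvm03 is down "
    "user=fgfm device=Wira-kvm03 devid=FMG-VM0A17002000 "
    "itime=2022-08-01 13:44:07 date=2022-08-01 time=13:44:07 "
    "dtime=2022-08-01 13:44:07 itime_t=1659332647"
)

# A key is a word followed by '=' at the start of the line or after whitespace.
# Limitation: a value that itself contains " word=" would be split at that point.
KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z_]\w*)=")


def parse_event(line):
    """Split an unquoted key=value log line; values may contain spaces."""
    fields = {}
    matches = list(KEY.finditer(line))
    for i, m in enumerate(matches):
        # A value runs from the end of "key=" to the start of the next key.
        end = matches[i + 1].start() if i + 1 < len(matches) else len(line)
        fields[m.group(1)] = line[m.end():end].strip()
    return fields


def tunnel_down(line, log_id="0002011003"):
    """Return the affected device if the line matches log_id, else None."""
    fields = parse_event(line)
    if fields.get("log_id") == log_id:
        return fields.get("device")
    return None


if __name__ == "__main__":
    print(tunnel_down(SAMPLE))
```

Splitting the line on whitespace alone would truncate msg, desc and the timestamp fields, which is why the parser anchors on key names instead.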
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.