Hi guys,
I use the default "no logs from device" rule to generate an alarm when there is no log from all my products, but I want my two DC machines to come with a separate rule, not in this rule. So I added these two machines as an exception to the existing rule, cloned this rule, and wrote it separately for only the two machines, but it gave a sync error and did not work.
Hi @adem_netsys ,
A rule sync error would be due to the rule being badly written and any fields being invalid. You would need to review the rule, and it is better to open a support request since it's specific to your environment.
This documentation would be useful:
https://community.fortinet.com/t5/FortiSIEM/Technical-Tip-How-to-troubleshoot-rules/ta-p/303822
Copyright 2024 Fortinet, Inc. All Rights Reserved.