I am trying to set an alert for only a specific policy violation.
I tried to enable
set violation-traffic-logs [enable|disable]
but I am receiving a lot of other alerts.
Can my request be done?
Thanks for the help.
If you want to view logs for a specific firewall policy, click on that policy and enable logging for that policy at the end of that policy.
If you want to view implicit deny firewall policy logs, you can use this article:
Please check and keep us posted
Thanks for your response.
I know how to enable logs.
My goal is to set a policy for blocking malicious IPs and receive a notification only for this policy.
Hi there,
Based on my understanding, you have multiple policies and would like to enable logging for specific policies only.
Example:
Policy 1-3: Enable logging
Policy 4-5: No logging
On policy 4-5, edit each of these policies and turn off "Log Allowed Traffic".
On policy 1-3, enable "Log Allowed Traffic".
Hope that helps.
Thanks for your response.
My goal is to set a policy for blocking malicious IPs and receive a notification only for this policy.
Hi its-chain,
I think I understand your requirements now.
If the IP is blocked by IPS, you can send an email alert. If you are blocking using policy IPv4, this cannot be done.
Here is the reference: https://docs.fortinet.com/document/fortigate/6.2.7/cookbook/526019/email-alerts
Hope that helps.
As far as I can see, it isn't possible to do what you're looking for with FortiGate alone.
Alertmail configuration is too vague (on/off for "violation traffic"), and automation stitches do not allow triggering events based on forward traffic logs (checked 7.0.5 & 6.4.9, not sure about 7.2).
However, if you have a FortiAnalyzer, you should be able to put something together with its Event Handler. If you're looking for some documentation for that, you can start here.
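The per-policy filtering discussed in this thread, sketched as an added example that is not from any poster or from Fortinet: it assumes the FortiGate forwards its traffic logs in key=value form to a log collector, and that the blocklist deny policy has ID 12 (a hypothetical value). The sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

POLICY_ID = "12"                 # assumption: ID of the deny policy for the malicious-IP group
SUPPRESS = timedelta(minutes=5)  # hold back repeat alerts for the same src/dst pair

# Log lines are space-separated key=value pairs; values may be double-quoted.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Turn one key=value log line into a dict, stripping quotes."""
    return {k: q or u for k, q, u in KV.findall(line)}

def policy_alerts(lines, policy_id=POLICY_ID):
    """Return alert strings for forward traffic denied by policy_id only."""
    last_alert, alerts = {}, []
    for line in lines:
        f = parse(line)
        if (f.get("type"), f.get("subtype")) != ("traffic", "forward"):
            continue  # UTM/event logs are out of scope here
        if f.get("policyid") != policy_id or f.get("action") != "deny":
            continue  # other policies, including implicit deny (policyid=0)
        try:
            ts = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue  # malformed timestamp: skipped in this sketch
        pair = (f.get("srcip"), f.get("dstip"))
        if pair in last_alert and ts - last_alert[pair] < SUPPRESS:
            continue  # already alerted on this pair recently
        last_alert[pair] = ts
        alerts.append(f"{ts} policy {policy_id} blocked "
                      f"{pair[0]} -> {pair[1]}:{f.get('dstport')}")
    return alerts

# Constructed sample log lines (documentation address ranges).
_T = 'date=2022-03-01 time={} type="traffic" subtype="forward" level="notice" '
SAMPLE = [
    _T.format("10:00:01") + 'srcip=10.0.0.5 dstip=203.0.113.9 dstport=443 policyid=12 action="deny"',
    _T.format("10:02:00") + 'srcip=10.0.0.5 dstip=203.0.113.9 dstport=443 policyid=12 action="deny"',
    _T.format("10:02:30") + 'srcip=10.0.0.8 dstip=192.0.2.44 dstport=23 policyid=0 action="deny"',
    _T.format("10:03:00") + 'srcip=10.0.0.7 dstip=198.51.100.20 dstport=80 policyid=12 action="deny"',
    _T.format("10:04:00") + 'srcip=10.0.0.9 dstip=192.0.2.10 dstport=443 policyid=3 action="accept"',
    'date=2022-03-01 time=10:05:00 type="utm" subtype="ips" srcip=10.0.0.5 policyid=12 action="dropped"',
    _T.format("10:06:30") + 'srcip=10.0.0.5 dstip=203.0.113.9 dstport=443 policyid=12 action="deny"',
]

if __name__ == "__main__":
    for alert in policy_alerts(SAMPLE):
        print(alert)
```

Each returned string can be handed to whatever notifier the collector already uses (mail, chat webhook); logging must stay enabled on the blocklist policy for these lines to exist.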