Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
DanieleS99
Contributor

Alert when ip goes in quarantine

Hi,

I'm trying to figure out how to send an alert when an ip address is quarantined by the dos policy...
Does anyone know how to do this through automation stitches?

 

Thanks

1 Solution
Debbie_FTNT
Staff
Staff

Hey Daniele,

there should be event logs like

22850 - LOG_ID_USER_QUARANTINE_MAC_ADD

or
43776 - LOG_ID_EVENT_NAC_QUARANTINE

-> check your system event logs on FortiGate

 

You can create an automation stitch to trigger on the event log message; this is triggered based on the log ID. The last five numbers of the log ID are the specific log message ID that an automation stitch will trigger on.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

View solution in original post

2 REPLIES 2
Debbie_FTNT
Staff
Staff

Hey Daniele,

there should be event logs like

22850 - LOG_ID_USER_QUARANTINE_MAC_ADD

or
43776 - LOG_ID_EVENT_NAC_QUARANTINE

-> check your system event logs on FortiGate

 

You can create an automation stitch to trigger on the event log message; this is triggered based on the log ID. The last five numbers of the log ID are the specific log message ID that an automation stitch will trigger on.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
DanieleS99
Contributor

Thanks, it works.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors