syu
New Contributor III

Best practices for configuring email alerts?

Here is an example below. How can I filter it out of the email alerts?

Message meets Alert condition The following intrusion was observed: IP.Land. date=2015-07-22 time=16:30:37 devname=FG1 devid=FG1K5D3 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd="FW1" severity=low srcip=192.168.240.16 dstip=192.168.240.16 srcintf="DMZ" dstintf="DMZ" sessionid=4670609 action=detected proto=6 service=HTTP attack="IP.Land" srcport=51490 dstport=80 direction=outgoing attackid=12588 profile="DefaultIPS" ref="http://www.fortinet.com/ids/VID12588" user="" incidentserialno=45005085 msg="a-ipdf: IP.Land," crscore=5 crlevel=low

 

I need some suggestions here, please. We have email alerts configured as in the screenshot. Email alerts are working; however, the issue is that we are a little bit overwhelmed by the number of emails coming in ...

 

So my question: is there any other way I can further filter what is sent in email as alerts?

 

I also tried using severity level (error and above) but that was even worse...

 

 

 

2 REPLIES
gschmitt
Valued Contributor

Personally I'd remove "Virus detected" and "Violation traffic detected" from the list.

Virus detected simply means "Your user clicked a link, the FortiGate blocked it, nothing happened"; it didn't even make it to the machine (this is the job of your anti-virus if something actually infected a machine).

syu
New Contributor III

gschmitt wrote:

Personally I'd remove "Virus detected" and "Violation traffic detected" from the list.

Virus detected simply means "Your user clicked a link, the FortiGate blocked it, nothing happened"; it didn't even make it to the machine (this is the job of your anti-virus if something actually infected a machine).

Thanks. Is there any best practice doc for logging with FortiGate? We do not have FortiAnalyzer.
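Added example, not part of any post in this thread and not Fortinet code: a mail-side triage script that parses alert lines in the key=value format quoted in the question, forwards only events at or above a chosen IPS severity and counts the rest for a periodic digest. The policy, the function names and the second and third sample lines are assumptions; in the quoted line `level=alert` while `severity=low`, so the script keys on `severity` rather than on the log level.

```python
import re
from collections import Counter

# key=value pairs; a value is either double-quoted or runs to the next space.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# IPS signature severities, lowest to highest.
SEVERITY = ["info", "low", "medium", "high", "critical"]

def parse_alert(text):
    """Return the key=value fields of one alert line as a dict."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(text)}

def triage(lines, min_severity="medium"):
    """Split alerts into ones to mail now and a per-source digest of the rest."""
    floor = SEVERITY.index(min_severity)
    urgent, digest = [], Counter()
    for line in lines:
        f = parse_alert(line)
        sev = f.get("severity", "").lower()
        # Unknown or missing severity is mailed rather than silently dropped.
        rank = SEVERITY.index(sev) if sev in SEVERITY else len(SEVERITY)
        if rank >= floor:
            urgent.append(f)
        else:
            digest[(f.get("attack"), f.get("srcip"), f.get("action"))] += 1
    return urgent, digest

# Constructed sample input: LAND is abridged from the line in the question;
# the repeat and the high-severity "Example.Signature" line are made up.
LAND = ('The following intrusion was observed: IP.Land. date=2015-07-22 '
        'time=16:30:37 type=utm subtype=ips level=alert severity=low '
        'srcip=192.168.240.16 dstip=192.168.240.16 action=detected '
        'attack="IP.Land" user="" msg="a-ipdf: IP.Land," crlevel=low')
SAMPLE = [
    LAND,
    LAND.replace("16:30:37", "16:31:05"),
    'date=2015-07-22 time=16:41:02 type=utm subtype=ips level=alert '
    'severity=high srcip=192.0.2.10 dstip=192.168.240.16 action=dropped '
    'attack="Example.Signature" msg="constructed sample"',
]

if __name__ == "__main__":
    urgent, digest = triage(SAMPLE)
    print("mail now:", [(f["attack"], f["srcip"]) for f in urgent])
    print("digest:", dict(digest))
```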
