- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Creating custom event handler
Looking for instructions to create some custom event handlers for the following and have a notification sent to an email address.
Failed login attempts on fortigates during specific hours.
IPSEC tunnels that are down for a specific amount of time.
FortiAnalyzer-VM64
V6.2.3 GA Build1235
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sounds like Generic Text Filter is the way to go. It allows to match against specific text in a message. As for timeframe, you'd have to include some logic that compares the dtime or itime fields to be > start-time & < end-time.
Older KB article but with good step-by-step instructions: https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD35256
And from the admin guide: https://docs.fortinet.com/document/fortianalyzer/6.2.3/administration-guide/157132/using-the-generic...
Fortinet Technical Support