FAZ 5.2 Event Handler

CapnJoe · ‎10-02-2015

I could be drawing a blank here:

Is there an event handler or setting somewhere to alert when logs are not populating to the FAZ? - i.e. turning Red under Device Manager?

scao_FTNT · ‎10-09-2015

in 5.2.4, you will see local event log generated like below

Device[xxx] did not receive any log in last yyy minutes.

and thus you can create a local event log alert based on this log

attached pic I did a simple config

Thanks

Simon

View solution in original post

scao_FTNT · ‎10-23-2015

this feature (new log) is added from 5.2.3

Thanks

Simon

View solution in original post

scao_FTNT · ‎10-09-2015

in 5.2.4, you will see local event log generated like below

Device[xxx] did not receive any log in last yyy minutes.

and thus you can create a local event log alert based on this log

attached pic I did a simple config

Thanks

Simon

CapnJoe · ‎10-20-2015

Thanks!

I set this up and we'll try it this week/ weekend!

CapnJoe · ‎10-23-2015

I disabled a device from sending to the FAZ. However I'm not getting any message in the FAZ's event log that it's not receiving any logs. Is there a setting somewhere I need to enable this?

scao_FTNT · ‎10-23-2015

which FAZ version you are using?

in 5.2.4, you can find below CLI

FAZ200D # conf sys locallog setting (setting)# set log-interval-dev-no-logging Interval in minute for logging the event of no l ogs received from a device. ... default is enabled and set for 5 minutes

Thanks

Simon

CapnJoe · ‎10-23-2015

We're using 5.2.2

config system locallog ?

disk Configure disk. fortianalyzer Configure fortianalyzer. fortianalyzer2 Configure fortianalyzer2. fortianalyzer3 Configure fortianalyzer3. memory Configure memory. syslogd Configure syslogd. syslogd2 Configure syslogd2. syslogd3 Configure syslogd3.

scao_FTNT · ‎10-23-2015

this feature (new log) is added from 5.2.3

Thanks

Simon

CapnJoe · ‎01-13-2016

Thanks, this is working a lot closer than before!!!