Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortianalyzer Event Handler Firing Even Though Pattern Excludes Triggering Event


I have a FAZVM64 running v6.2.6 with a large number of customer ADOMs defined. In order to make event handling consistent, I have a script which generates a .json file containing the two event handlers that each ADOM currently requires. These .json files are regenerated when the criteria for the handlers change, and the two handers are removed from each ADOM and then re-imported from the updated .json file.


The problem I have is that even though I have lined excluding specific logid values, the event handler is still firing on those events.


So for example I have the generic-ized .json handler file attached, and I'm still getting alerts firing on Log ID 0101037132 -- even though that's specifically excluded.


Can anyone tell me what I should look for to figure this out?


Thank you for your time.

New Contributor

Quick note to say I've updated to 6.2.7 and it looks like these events are not firing the handler any more.

Top Kudoed Authors