Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Omerrr34
New Contributor

Created on ‎04-25-2023 01:37 PM

Fortigate spesific mail notification

Hello,

 

I want to send an alert by mail when a specific object is created on the fortigate.

 

For example;

 

I am creating a new object, I enter 0.0.0.0/0 as ip address, but I cannot see ip/netmask information in the logs. That's why I couldn't create an alert with siem.

Any ideas on this?

tst.png

Labels:
364
0 Kudos
2 REPLIES 2
gfleming
Staff
Staff

Created on ‎04-25-2023 08:47 PM

You want logs showing exactly what the full configuration was? I don't know if that's possible.

 

Can you get your SIEM to make an API call to the FortiGate to query the address object?

Cheers,
Graham
346
0 Kudos
gfleming
Staff
Staff

Created on ‎04-25-2023 08:53 PM

I just tested this myself and I see the details in the cfgattr field:

 

Apr 25 20:51:30 192.168.0.1 date=2023-04-25 time=19:51:30 devname="xxxxxxx" devid="FGXXXXXXXXXX" eventtime=1682481090039373910 tz="-0700" logid="0100044547" type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="xxxxxxxx" ui="ssh(192.168.X.X)" action="Add" cfgtid=1742143499 uuid="X" cfgpath="firewall.address" cfgobj="TESTADDR" cfgattr="type[ipmask]subnet[0.0.0.0 0.0.0.0]" msg="Add firewall.address TESTADDR"

 

Have you looked at the raw log messages to ensure it's not showing up there?

Cheers,
Graham
343
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.