Help to create a handler with mail alert, when traffic shaper drops packets.

fortimaster · ‎10-04-2024

Hi all ¡¡

I have fortigate and fortianalyzer. I need to control traffic sent by servers in one Fortigate interface. For that, I have a shared shaper. I would like to receive an email when the shaper is working (droping packets) cause the server exceeds limits. When shaper drop bytes, I can see in Firewall logs "shaperdropsentbyte=X" where X is a number. If it's non-zero, that means shaper is dropping packets (example "shaperdropsentbyte=40").

On the other hand I have a Fortianalyzer receiving logs. In fortianalyzer I've a SMTP relay server configured and if I test it, I receive mail correctly. I have created a "data selector" and I have attached it to a simple handler.

The data selector is simple, I use "Log file by text" with shaperdropsentbyte!=0 (with =0 doesn't works either). The handler, configured with the data selector and the mail notification has never events matched, and, obviously I don't receive mail alert.

Please, could you help me? Why handler is never matched? (On pictures the handler is disabled but I test it when it's enabled). I would like to receive a mail alert when shaper drop bytes. Thanks ¡¡

fortimaster · ‎10-04-2024

I have rebooted FAZ and now it works. I should done it before ¡¡¡

Jean-Philippe_P · ‎10-04-2024

Hello Fortimaster!

Thanks for sharing the solution and do not worry sometimes we don't try the more obvious solution :) Glad that you fixed your issue!

Jean-Philippe - Fortinet Community Team

Help to create a handler with mail alert, when traffic shaper drops packets.

Nominate a Forum Post for Knowledge Article Creation