Hi all ¡¡
I have fortigate and fortianalyzer. I need to control traffic sent by servers in one Fortigate interface. For that, I have a shared shaper. I would like to receive an email when the shaper is working (droping packets) cause the server exceeds limits. When shaper drop bytes, I can see in Firewall logs "shaperdropsentbyte=X" where X is a number. If it's non-zero, that means shaper is dropping packets (example "shaperdropsentbyte=40").
On the other hand I have a Fortianalyzer receiving logs. In fortianalyzer I've a SMTP relay server configured and if I test it, I receive mail correctly. I have created a "data selector" and I have attached it to a simple handler.
The data selector is simple, I use "Log file by text" with shaperdropsentbyte!=0 (with =0 doesn't works either). The handler, configured with the data selector and the mail notification has never events matched, and, obviously I don't receive mail alert.
Please, could you help me? Why handler is never matched? (On pictures the handler is disabled but I test it when it's enabled). I would like to receive a mail alert when shaper drop bytes. Thanks ¡¡
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I have rebooted FAZ and now it works. I should done it before ¡¡¡
Hello Fortimaster!
Thanks for sharing the solution and do not worry sometimes we don't try the more obvious solution :) Glad that you fixed your issue!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.