Hi,
I have a problem with displaying the event handler in fortisoc, in the sense that once set the event works correctly but the events counter, in the right side of the screen, seem to reset automatically and I can't get an actual history of how many times the handler has worked.
Is there any tweak that can help me not reset the event count?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Giuseppe,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Ciao Giuseppe,
In page 93 of this guide:
You will maybe find interesting information.
Could you please have a look and tell me if you find anything useful?
Regards,
Hello Anthony,
thanks for the doc but unfortunately it doesn't help me.
BR
Could you please share the FAZ version? Also, can you confirm if there is any pattern in the count reset? For example, after a change or after reaching a particular time interval? Is it going back to zero or the number is reduced/changed?
Also, can you check if the logs triggering the events are getting archived and that leads to reset of the counter as there is no active logs for this event?
Hello Giuseppe,
We will then continue to look for an answer.
I come back to you ASAP.
Regards,
Hello GuiseppeB,
Can you check the max-alert-count configured as of now? 10,000 is the default count. you can push it to 50,000 if required.
get sys log alert
conf sy log alert
(alert)# show
(alert)# get
max-alert-count : 10000
(alert)# set max-alert-count
The alert count range between 100 and 50000.
(alert)# set max-alert-count 20000
(alert)# end
Let me know after changing it if you are seeing some improvement or not.
https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-Increase-the-number-of-alerts-display-...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.