Manuals / Fortinet / Computer Equipment / Network Card

Fortinet 3.0 MR7 manual Alert Events, Triggers

Models: 3.0 MR7

1 234

Download 234 pages 61.67 Kb

Page 141


Alert	Alert Events

Alert

Alerts provide a method of informing you of issues arising on a FortiGate unit, FortiClient installation, or the FortiAnalyzer unit itself, such as system failures or network attacks, enabling you to react in a timely manner to the event.

You can configure the FortiAnalyzer unit alert conditions, instructing the FortiAnalyzer unit what devices and what log messages to monitor, and what to do in the event a log message appears meeting the alert conditions.

This section includes the following topics:

•Alert Events

•Output

Alert Events

Alert events define log message types, severities and sources which trigger administrator notification. For example, you could configure a trigger on the attack logs with an SMTP server output if you want to receive an alert by email when your network detects an attack attempt.

You can choose to notify administrators by email, SNMP or Syslog, as well as the Alert Console Messages section of the Dashboard. For more information on viewing alerts locally, see “Viewing alert console messages” on page 34.

To view configured alert events, go to Alert > Alert Event.

Figure 1: Alert events list


	Delete
	Edit
Create New	Select to add a new alert event.
Delete	Select to remove multiple alert events from the table. To do this,
	select the check box next to the alert events and select Delete.
Name	The name given to the alert event.
Devices	The devices the FortiAnalyzer unit is monitoring for the alert event.
Triggers	The log message packets the FortiAnalyzer unit is monitoring for
	the alert event.
Destination	The location where the FortiAnalyzer unit sends the alert
	message. This can be an email address, SNMP Trap or syslog
	server.
Action	Select Delete to remove the alert event.
	Select Edit to change the alert event configuration.

FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908	133

Image 141

Fortinet 3.0 MR7 manual Alert Events, Triggers

Contents

M I N I S T R a T I O N G U I D E Trademarks Regulatory complianceFCC Class a Part 15 CSA/CUS Contents Viewing session information Filtering session information Radius Server Administrator SettingsLog Receive Monitor Intrusion Activity Adding a routeContent Archive 107 DeviceLog Quarantine 131 Reports 113Alert 133 Network Analyzer 141Managing firmware versions 169 Tools 157Index 213 Appendix FortiAnalyzer reports in 3.0 MR7 185About this document IntroductionFortinet documentation Describes how to install and set up the FortiAnalyzer unitFortinet Tools and Documentation CD Customer service and technical supportFortinet Knowledge Center Comments on Fortinet technical documentationCustomer service and technical support High-end FortiAnalyzer units support additional What’s new for 3.0 MR7FortiAnalyzerVersion 3.0 MR7 Administration Guide Power supply monitoring for FortiAnlayzer-2000A and 4000A MR7 new features and changesRegistered devices’ hard limits CLI displays the tasks in the upload queueConfig log settings Set custom-field1-5 Report configuration enhancementsCustom fields for log messages ReportsVoIP reports All other reports, for exampleReportHeadquarters-2008-05-26-1030 Alert email configuration changes About administrative domains ADOMs Administrative Domains ADOMsAbout administrative domains ADOMs FortiAnalyzer Model Number of Administrative Domains To enable ADOMs Configuring ADOMsGo to System Admin Settings Enable Admin Domain Configuration Select OK Message appearsGo to Global Configuration System Admin Settings To disable ADOMsTo add or edit an Adom Select OK FortiAnalyzer unit logs you outAssigning administrators to an Adom Accessing ADOMs as the admin administratorTo access an Adom To assign an administrator to an AdomSystem DashboardSystem Information To refresh a Dashboard widget Go to System Dashboard To rearrange a Dashboard widget Go to System DashboardTo include a Dashboard widget Go to System Dashboard TabsTo omit a Dashboard widget Go to System Dashboard To add a tab Go to System DashboardRAID Monitor Double-click on the name of the tab and select the X symbolEnter a new name and press Enter To delete a tab Go to System DashboardRebuilding icon System Information05-30007-0082-20080908 Setting the timeChanging the firmware Changing the host nameLicense Information To change the host name Go to System DashboardViewing operational history System ResourcesRVS Plug-ins Device License Memory UsageFormatting the log disks System OperationTo format the log disks Go to System Dashboard Systems Operations area, select Format Log Disks Select OKAlert Message Console Resetting to the default configurationViewing alert console messages To view alert console messages Go to System DashboardViewing session information StatisticsSelect the delete icon ConnectionsReport Engine Filtering session informationTo view the session information Go to System Dashboard Statistics area, next to Connections, select DetailsType Log Receive MonitorTop N PeriodIntrusion Activity Virus ActivityDisplay by Virus Activity widget Top FTP TrafficTop Email Traffic, select Edit Top Email TrafficTop IM/P2P Traffic, select Edit in the title bar area Top IM/P2P TrafficTop Traffic To edit information for Top Traffic Go to System DashboardTop Traffic, select Edit in the title bar area Top Web Traffic, select Edit Top Web TrafficInterface NetworkAdministrative Changing interface settingsStatus ModifyAbout Fortinet Discovery Protocol To configure DNS settings Go to System Network DNSRouting Enter an IP address for a primary and secondary DNS serverSelect Create New Configure the following options AdminAdding a route To add a static route Go to System Network RoutingAdding or editing an administrator account Access Profile Changing an administrator’s passwordAccess Profile Admin DomainAuth Group To add a group Go to System Admin Auth GroupNone Read OnlyTo add a Radius server Go to System Admin Radius Server Administrator SettingsSelect Create New Configure the following and select OK Radius ServerMonitor Network SharingAdding share users To add a user account Go to System Network Sharing UserConfiguring Windows shares Adding share groupsTo add a user group Go to System Network Sharing Group Permissions Assigning user permissionsRemote Clients Configuring NFS sharesConfig Default file permissions on NFS sharesAutomatic file deletion and local log settings Log Level Allocated Disk Space MB FortiAnalyzer unit log settings Log LocallyConfiguring log aggregation FortiAnalyzer-800/800B FortiAnalyzer-400FortiAnalyzer-2000/2000A FortiAnalyzer-4000/4000AConfiguring an aggregation server Configuring an aggregation clientConfiguring log forwarding To forward log events Go to System Config Log ForwardingTo add an IP alias Go to System Config IP Alias Configuring IP aliasesTo edit an IP alias Go to System Config IP Alias To import the alias file Go to System Config IP AliasConfiguring RAID IP alias rangesRAID levels RAID LinearRAID 5 with hot spare Hot swapping hard disksFortiAnalyzer-800/800B disk drive configuration FortiAnalyzer-400 disk drive configurationTo swap a hard disk Go to System Config RAID FortiAnalyzer-2000/2000A disk drive configurationFortiAnalyzer-4000 disk drive configuration As well as from System Config RAID Configuring RAID on the FortiAnalyzer-400FortiAnalyzer-800/800B Level 1Size GB Configuring Ldap connectionsSelect Create New. Complete the following To define an Ldap server query Go to System Config LdapMaintenance Backup & RestoreBackup Back up the current configuration FortiGuard Center 10.10.1.108889 Scheduled UpdateEvery DailyMaintenance Viewing the device list DeviceShow Add DeviceUnregistered Device Options HardwareAction Secure Connection Disk Space MB Used/AllocatedTo delete a device Go to Device All Device Maximum number of devicesUnregistered vs. registered devices Configuring unregistered device connection attempt handling Or the following options for unknown device types Manually adding a device Device ID Device NameMode Member IDsGroup Membership FortiGate Interface Specification When Allocated Disk Space is All Used Devices PrivilegesClassifying FortiGate network interfaces For more information, see Manually adding a device on Configure the FortiGate deviceTo enable the FortiAnalyzer unit to reply to FDP packets On the FortiAnalyzer unit, go to Device AllGo to System Network Hardware Model Blocking device connection attemptsConfiguring device groups To block a device Go to Device All DeviceTo unblock a device Go to Device All Blocked Device To delete a device group Go to Device Group Device Group To configure a device group Go to Device Group Device GroupGroup Name MembersLog Viewing log messagesViewing current log messages Viewing historical log messages Column SettingsBrowsing log files To view historical logs Go to Log Log Viewer HistoricalImport Viewing log file contents To import a log file Go to Log Browse Importing a log fileTo download a whole log file Go to Log Browse Downloading a log fileTo download a partial log file Go to Log Browse Convert to CSV format Compress with gzipCustomizing the log view Select Download Current View Configure the followingDisplaying and arranging log columns To display logs in Raw or Formatted viewFiltering logs To display or hide columnsTo change the order of the columns To filter log messages by column contents To disable a filterFiltering tips 101 Searching the logsFrom Searching the logsSearch tips To search the logs Go to Log Search103 192.168.* action=login Printing the search resultsDownloading the search results Rolling and uploading logs To download log search results Go to Log Search105 Not exceeded ExceedServer IP address Username107 108 Viewing content archives Content ArchiveView per page Page n of n Column Settings Printable Version Delete associated content archive filesTimeframe 109 Customizing the content archive viewFilter icons in the content logs 111 Searching full email content archives 113 Last activity114 Reports Configuring reportsConfiguring report layout To configure a report layout Go to Report Config Layout Name Enter a name for the report Description115 Title Page Logo Header LogoCategory 117 Editing charts in a report layoutMaximum Entries Top N Time Scale Advanced To edit a chartTo edit text Configuring report schedulesTo edit section 119Schedule Name To configure a report schedule Go to Report ScheduleReport layout Name ScheduleData Filter Log Data FilteringTime Period 121Data filter templates Configuring data filter templatesFilter logic Sources123 Interfaces DestinationsPolicy IDs Day of the Week125 Configuring report output templatesOutput template FTP/SFTP/SCP Server Action127 Nomatch=No matching log data for this report Configuring languageComment is # Localization uses a Latin character set129 Font LanguagesLanguage file error messages Error message Description Save the format file131 Browsing reports 133 134 Viewing quarantined files QuarantineQuarantined files for a specific device SeeDate & Time ServiceChecksum Status DescriptionAlert Alert EventsTriggers To add a new alert event Go to Alert Alert Event Adding an alert eventOutput Configuring alerts by email serverTo Email Address AddConfiguring Snmp traps and alerts Testing the mail server configurationEnable Smtp Server137 FortiAnalyzer Snmp support Adding an Snmp serverFortinet MIB System Traps Fortinet MIB Administrator AccountsFortinet MIB Logging Traps Fortinet MIB VPN TrapsAdding a Syslog server Configuring alerts by Syslog serverRFC-1213 MIB RFC-2665 Ethernet-like MIB141 Configure the following options, and select OK142 Network Analyzer Config log settings Set enableanalyzer yes EndExample network topology for Network Analyzer use Viewing Network Analyzer log messages Viewing current Network Analyzer log messages143 Viewing historical Network Analyzer log messages Protocol Protocol used when sending the traffic MessageBrowsing Network Analyzer log files Viewing Network Analyzer log file contentsPrintable Version Download Current View Resolve Service View n per page Page n of n Column Settings147 Downloading a Network Analyzer log fileDisplaying and arranging Network Analyzer log columns Customizing the Network Analyzer log view149 Filter icons in Network Analyzer150 Keywords Searching the Network Analyzer logsQuick Search Full SearchOther To search the logs Go to Tools Network Analyzer Search153 172.20.120.127 tcpSelect the download options that you want, then select OK Rolling and uploading Network Analyzer logs155 Log file should be rolled... even if size is not exceededSelect the protocol to use when uploading to the server Tools Preparing for the vulnerability scan job157 Preparing Windows target hosts 159 To enable NetBIOS Go to Start Control Panel Viewing vulnerability scan modules Preparing Unix target hosts161 Vulnerability Scan modules View modules with severity Configuring vulnerability scan jobs Details163 Target Job NameSelect Create New Complete the following Remote Authentication User NameScan Targets Quick ScanFile output Email AttachmentEmail Body 167 Viewing vulnerability scan reportsFile Explorer End TimeFormats 169 File Explorer with Storage directory expanded170 Managing firmware versions Backing up your configurationBacking up your configuration using the CLI Backing up your configuration using the web-based managerTo back up your configuration file using the CLI Execute backup config filename addressip passwd171 Testing firmware before upgrading Press any key to display configuration menu…To test the firmware image before upgrading Enter Local Address Enter Tftp server addressEnter firmware image file name image.out 173Upgrading your FortiAnalyzer unit Upgrading using the web-based managerUpgrading to FortiAnalyzer OnlyTo upgrade to FortiAnalyzer 3.0 using the web-based manager Upgrading using the CLITo upgrade to FortiAnalyzer 3.0 using the CLI Execute restore image namestr tftpip4Get system status Verifying the upgradeDowngrading to FortiLog Reverting to a previous firmware versionSelect OK Following message appears 177To downgrade using the CLI Downgrading to FortiLog 1.6 using the CLIExecute restore image tftp namestr tftpipv4 Execute restore image tftp image.out179 Restoring configuration settings on a FortiAnalyzer unit Restoring your configurationTo restore a firmware image to the FortiAnalyzer unit Execute rebootPress any key to display configuration menu When this message appearsEnter File Name image.out 181To restore configuration settings using the CLI Restoring your configuration settings using the CLIExecute restore config namestr tftpipv4 passwrd Execute restore config confall 192.168.1.168 ghrffdt123183 184 Appendix FortiAnalyzer reports in 3.0 MR7 FortiGate reports185 Antivirus Activity Intrusion Activity reports MR6 reports MR7 reportsAntivirus Activity reports MR6 reports MR7 reports 187 Antivirus Activity reportsTop Virus Destinations over POP3 Webfilter Activity WebFilter Activity reports MR6 reports MR7 reports189 Antispam Activity WebFilter Activity reportsAntispam Activity reports MR6 reports MR7 reports Antispam Activity reports IM ActivityIM reports MR6 reports MR7 reports 191VoIP reports MR7 reports IM reportsContent Activity VoIP reports193 Content Activity reports MR6 reports MR7 reports Network ActivityNetwork Activity reports MR6 reports MR7 reports Web Activity Network Activity reports195 Mail Activity FTP ActivityReport, Top Mail Servers Connections remains unchanged VPN Activity Terminal ActivityFTP Activity reports Terminal Activity reports MR6 reports MR7 reportsEvent Activity VPN Activity reports MR6 reports MR7 reportsEvent Activity reports MR6 reports MR7 reports Report, Top Event Categories by Status, was removed P2P ActivityEvent Activity reports P2P Activity reports MR6 reports MR7 reportsP2P Activity reports Audit Activity201 Summary ReportsAudit Forensic ReportsDetailed Report, Top Client Requests to Permitted Sites, was removedSummary FortiMail ReportsMail High Level 203Mail High Level reports Mail Sender Mail Sender reports MR6 reports MR7 reports205 Mail Destination IP Mail Recipient ActivityMail Sender reports Mail Recipient Activity reports MR6 reports MR7 reportsMail Destination IP reports MR6 reports MR7 reports Spam SenderSpam Sender reports MR6 reports MR7 reports 207Spam Recipient Spam Sender reportsSpam Recipient reports MR6 reports MR7 reports Virus Sender Spam Destination IPSpam Recipient reports Spam Destination IP reports MR6 reports MR7 reportsVirus Sender reports MR6 reports MR7 reports Virus Sender reports Virus RecipientVirus Recipient reports MR6 reports MR7 reports 211Virus Destination IP FortiClient Reports213 IndexFDN 215 FTPMail server 135 Main Menu 20 managing firmware 217 RFCSee also protocol test 219 Index FortiAnalyzer Version 3.0 MR7 Administration Guide