Alert Events

Alert

Adding an alert event

Adding an alert event enables you to receive notification when certain types of log messages are received.

To add a new alert event

1. Go to Alert > Alert Event.

2. Select Create New.

3. Configure the following options:

Alert Name
Enter a name indicating the type of alert the FortiAnalyzer is monitoring for.

Device Selection
Select the devices the FortiAnalyzer unit monitors for the alert event. Select from the Available Devices list and select the right arrow to move the device name to the Selected Devices list. Hold the SHIFT or CTRL keys while selecting to select multiple devices.

Trigger(s)
Select the triggers that the FortiAnalyzer unit uses to indicate when to send an alert message. Select the following:
• a log type to monitor, such as Event Log or Attack Log
• the severity level to monitor for within the log messages, such as >=
• the severity of the log message to match, such as Critical

For example, selecting Event Log >= Warning, the FortiAnalyzer unit will send alerts when an event log message has a level of Warning, Error, Critical, Alert or Emergency.

These options are used in conjunction with Generic Text and Device Selection to specify which log messages will trigger the FortiAnalyzer unit to send an alert message.

Log Filters (Generic Text)
Select the check box Generic Text to enable log filters, and then enter log message filter text.

This text is used in conjunction with Trigger(s) and Device Selection to specify which log messages will trigger the FortiAnalyzer unit to send an alert message.

Enter an entire word, delimited by spaces, exactly as it appears in the log messages that you want to match. Inexact or incomplete words or phrases may not match. For example, entering log_i or log_it may not match; entering log_id=0100000075 will match all log messages containing that whole word.

Do not use special characters, such as quotes (") or asterisks (*). If the log message that you want to match contains special characters, consider entering a substring of the log message that does not contain special characters. For example, instead of entering User 'admin' deleted report 'Report_1', you might enter admin.

Threshold
Set the threshold, or log message level frequency, that the FortiAnalyzer unit monitors for before sending an alert message. For example, set the FortiAnalyzer unit to send an alert only after it receives five emergency messages in an hour.
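The following is an added illustration, not Fortinet's code, of how the Trigger(s), Generic Text and Threshold options above combine to decide whether a log message sends an alert; the AlertEvent class, its field names and the message dictionary layout are assumptions made for this example.

```python
from collections import deque
from dataclasses import dataclass, field

# Syslog-style severities, most severe first: ">= Warning" means Warning or more severe.
SEVERITY_ORDER = ["Emergency", "Alert", "Critical", "Error", "Warning",
                  "Notice", "Information", "Debug"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}


@dataclass
class AlertEvent:
    """Hypothetical model of one alert event (constructed for illustration)."""
    log_type: str                  # e.g. "Event Log" or "Attack Log"
    min_severity: str              # trigger: messages at this level or more severe
    devices: set                   # the Selected Devices list
    generic_text: str = ""         # whole-word Generic Text filter; "" means disabled
    threshold_count: int = 1       # alert only after this many matching messages...
    threshold_seconds: int = 3600  # ...within this window (one hour here)
    _hits: deque = field(default_factory=deque)

    def matches(self, msg: dict) -> bool:
        """Apply Device Selection, Trigger(s) and Generic Text to one message."""
        if msg["device"] not in self.devices or msg["log_type"] != self.log_type:
            return False
        if RANK[msg["level"]] > RANK[self.min_severity]:
            return False  # less severe than the trigger level
        if self.generic_text:
            # Whole words delimited by spaces, so "log_i" does not match "log_id=...".
            if self.generic_text not in msg["text"].split(" "):
                return False
        return True

    def process(self, msg: dict) -> bool:
        """Return True when this message pushes the count over the threshold."""
        if not self.matches(msg):
            return False
        now = msg["time"]  # epoch seconds
        self._hits.append(now)
        while self._hits and now - self._hits[0] > self.threshold_seconds:
            self._hits.popleft()  # drop matches that fell out of the window
        if len(self._hits) >= self.threshold_count:
            self._hits.clear()  # reset after sending an alert
            return True
        return False
```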

Destination(s)
Select where the FortiAnalyzer unit sends the alert message.

Send alert to
Select an email address, SNMP trap or Syslog server from the list. You must configure the SNMP traps or Syslog server before you can select them from the list.

For the FortiAnalyzer unit to send an email message, you must configure a DNS server and mail server account. For information, see “Configuring alerts by email server” on page 135.

For information on configuring SNMP traps, see “Configuring SNMP traps and alerts” on page 136.

For information on configuring Syslog servers, see “Configuring alerts by Syslog server” on page 140.

 

FortiAnalyzer Version 3.0 MR7 Administration Guide

134

05-30007-0082-20080908
