Fortinet 5.0 Patch 6 Alert email

Fortinet 576 FortiWeb 5.0 Patch 6 Administration Guide

The attack log refreshes to show the search results on a new page. The page includes two

new icons: Generate Log Detail PDF and Reset.

6. To generate a detailed report of the attack log search results in PDF format, click a check

box for the log to view and select the Generate Log Detail PDF icon.

7. Select Reset to clear the search results and return to the full list of attack logs.

Alert email

To notify you of serious attack and/or system failure events, you can configure the FortiWeb

appliance to generate an alert email.

Alerts appear on the dashboard. FortiWeb will also generate alert e-mail if you configure email

settings and include them in a trigger that is used by system resource thresholds and/or traffic

policies.

Alert email are based upon events that are also in log messages. If you have received an alert

email and want to know more about the events, go to the corresponding log messages. For

information on viewing locally stored log messages, see “Viewing log messages” on page 557.

To configure alert email

1. Configure email settings so that FortiWeb will be able to connect to an SMTP server that will

deliver alerts. See “Configuring email settings” on page 576.

2. If you want to receive email about attacks or policy violations, add the email settings to the

trigger that is used by those policies. See “Configuring triggers” on page 557.

3. If you want to receive email about system resource statuses, configure alert thresholds. See

“Enabling log types, packet payload retention, & resource shortage alerts” on page 546.

4. If you want to receive copies of event log messages via email, See “Configuring alert email

for event logs” on page 578.

If you define email settings, FortiWeb can send email to alert specific administrators or other

personnel when a serious condition or problem occurs, such as a system failure or network

attack. Email settings include email address information for selected recipients and it sets the

frequency that emails are sent to those recipients.

For example, you might configure a signature set to monitor for SQL-injection violations and

take specific actions if those types of violations occur. The specific actions can include sending

an alert email, in which case the email is sent to the individuals identified in the email settings

attached to the trigger used for the SQL injection violation. The trigger could also include

recording the violation in Syslog or FortiAnalyzer. For more information on Syslog or

FortiAnalyzer settings, see “Configuring Syslog settings” on page 554 and “Configuring

FortiAnalyzer policies” on page 555.

The alert email settings also enables you to define the interval that emails are sent if the same

alert condition persists following the initial occurrence.

For example, you might configure the FortiWeb appliance to send only one alert message for

each 15-minute interval after warning-level log messages begin to be recorded. In that case, if

the alert condition continues to occur for 35 minutes after the first warning-level log message,

the FortiWeb appliance would send a total of three alert email messages, no matter how many

warning-level log messages were recorded during that period of time.

Intervals are configured separately for each severity level of log messages. For more information

on the severity levels of log messages, see “Log severity levels” on page 544.