Fortinet 576 FortiWeb 5.0 Patch 6 Administration Guide
The attack log refreshes to show the search results on a new page. The page includes two
new icons: Generate Log Detail PDF and Reset.
6. To generate a detailed report of the attack log search results in PDF format, select the
check box for the log you want to view, then click the Generate Log Detail PDF icon.
7. Select Reset to clear the search results and return to the full list of attack logs.
Alert email
To notify you of serious attack and/or system failure events, you can configure the FortiWeb
appliance to generate an alert email.
Alerts appear on the dashboard. FortiWeb will also generate alert email if you configure email
settings and include them in a trigger that is used by system resource thresholds and/or traffic
policies.
Alert emails are based upon events that are also in log messages. If you have received an alert
email and want to know more about the events, go to the corresponding log messages. For
information on viewing locally stored log messages, see “Viewing log messages” on page 557.
To configure alert email
1. Configure email settings so that FortiWeb will be able to connect to an SMTP server that will
deliver alerts. See “Configuring email settings” on page 576.
2. If you want to receive email about attacks or policy violations, add the email settings to the
trigger that is used by those policies. See “Configuring triggers” on page 557.
3. If you want to receive email about system resource statuses, configure alert thresholds. See
“Enabling log types, packet payload retention, & resource shortage alerts” on page 546.
4. If you want to receive copies of event log messages via email, see “Configuring alert email
for event logs” on page 578.

Configuring email settings

If you define email settings, FortiWeb can send email to alert specific administrators or other
personnel when a serious condition or problem occurs, such as a system failure or network
attack. Email settings include email address information for selected recipients and set the
frequency at which emails are sent to those recipients.
For example, you might configure a signature set to monitor for SQL-injection violations and
take specific actions if those types of violations occur. The specific actions can include sending
an alert email, in which case the email is sent to the individuals identified in the email settings
attached to the trigger used for the SQL injection violation. The trigger could also include
recording the violation in Syslog or FortiAnalyzer. For more information on Syslog or
FortiAnalyzer settings, see “Configuring Syslog settings” on page 554 and “Configuring
FortiAnalyzer policies” on page 555.
The alert email settings also enable you to define the interval at which emails are sent if the
same alert condition persists following the initial occurrence.
For example, you might configure the FortiWeb appliance to send only one alert message for
each 15-minute interval after warning-level log messages begin to be recorded. In that case, if
the alert condition continues to occur for 35 minutes after the first warning-level log message,
the FortiWeb appliance would send a total of three alert email messages, no matter how many
warning-level log messages were recorded during that period of time.
Intervals are configured separately for each severity level of log messages. For more information
on the severity levels of log messages, see “Log severity levels” on page 544.
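
The interval behavior described above, modeled as an added example (not FortiWeb code and not part of the original guide). It assumes a log message triggers an email only if no email for the same severity was sent within that severity's interval. The function names, the non-warning severity names and the 5-minute interval are constructed for illustration.

```python
from collections import defaultdict

# Assumed per-severity resend intervals in minutes (constructed values; the
# 15-minute warning interval matches the example in the text).
INTERVALS = {"warning": 15, "error": 5}


def alert_send_times(events, intervals=INTERVALS):
    """Return {severity: [minute offsets at which an alert email goes out]}.

    events: iterable of (minute_offset, severity) log messages.
    Assumed model: a log message triggers an email only if no email for the
    same severity was sent within that severity's interval.
    """
    last_sent = {}
    sent = defaultdict(list)
    for minute, severity in sorted(events):
        interval = intervals.get(severity)
        if interval is None:
            continue  # no alert email interval configured for this severity
        previous = last_sent.get(severity)
        if previous is None or minute - previous >= interval:
            last_sent[severity] = minute
            sent[severity].append(minute)
    return dict(sent)


def build_sample_events():
    """Constructed log: warnings every minute for 35 minutes, plus an error burst."""
    events = [(m, "warning") for m in range(0, 36)]
    events += [(m, "error") for m in (2, 3, 4, 20)]
    events += [(10, "information")]  # severity with no interval configured
    return events


if __name__ == "__main__":
    for severity, times in alert_send_times(build_sample_events()).items():
        print(f"{severity}: {len(times)} alert email(s) at minutes {times}")
```

The 36 warning-level messages collapse into three emails, so the corresponding log messages remain the place to see every event behind an alert.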