Event Handler | Description |
Antivirus Event | Status: Disabled (Default); Devices: All FortiGates, All FortiCarriers (Default); Severity: High; Log Type: Traffic Log; Event Category: AntiVirus; Group by: Virus Name; Log messages that match all conditions: Level Greater Than or Equal To Information; Event Handling: Generate alert when at least 1 matches occurred over a period of 30 minutes. Select one of the following: Send Alert Email, Send SNMP Trap to, Send Alert to Syslog Server. |
APP Ctrl | Status: Disabled (Default); Devices: All FortiGates, All FortiCarriers (Default); Severity: Medium; Log Type: Traffic Log; Event Category: Application Control; Group by: Application Name; Log messages that match any of the following conditions: Application Category Equal To Botnet, Application Category Equal To Proxy; Event Handling: Generate alert when at least 1 matches occurred over a period of 30 minutes. Select one of the following: Send Alert Email, Send SNMP Trap to, Send Alert to Syslog Server. |
DLP | Status: Disabled (Default); Devices: All FortiGates, All FortiCarriers (Default); Severity: Medium; Log Type: Traffic Log; Event Category: DLP; Group by: DLP Rule Name; Log messages that match all conditions: Security Action Equal To Blocked; Event Handling: Generate alert when at least 1 matches occurred over a period of 30 minutes. Select one of the following: Send Alert Email, Send SNMP Trap to, Send Alert to Syslog Server. |
IPS Event | Status: Disabled (Default); Devices: All FortiGates, All FortiCarriers (Default); Severity: High; Log Type: Traffic Log; Event Category: IPS; Group by: Attack Name; Log messages that match all conditions: Level Greater Than or Equal To Critical; Event Handling: Generate alert when at least 1 matches occurred over a period of 30 minutes. Select one of the following: Send Alert Email, Send SNMP Trap to, Send Alert to Syslog Server. |
Web Filter | Status: Disabled (Default); Devices: All FortiGates, All FortiCarriers (Default); Severity: Medium; Log Type: Traffic Log; Event Category: WebFilter; Group by: Hostname URL; Log messages that match any of the following conditions: Web Category Equal To Child Abuse, Discrimination, Drug Abuse, Explicit Violence, Extremist Groups, Hacking, Illegal or Unethical, Plagiarism, Proxy Avoidance, Malicious Websites, Phishing, Spam URLs; Event Handling: Generate alert when at least 1 matches occurred over a period of 30 minutes. Select one of the following: Send Alert Email, Send SNMP Trap to, Send Alert to Syslog Server. |
Create New | Select to create a new event handler. This option is available in the toolbar and right-click menu. See “To create a new event handler:”. |
Edit | Select an event handler and select Edit to make changes to the entry. This option is available in the toolbar and right-click menu. See “To edit an event handler:”. |
Delete | Select one or all event handlers and select Delete to remove the entry or entries. This option is available in the toolbar and right-click menu. The default event handlers cannot be deleted. See “To delete an event handler:”. |
Clone | Select an event handler on this page and click Clone to copy the entry. A cloned entry will have Copy added to its name field. You can rename the cloned entry while editing the event handler. This option is available in the toolbar and right-click menu. See “To clone an event handler:”. |
Status | The status of the event handler. This field will display when enabled and when disabled. |
Name | The name of the event handler. |
Filters | The filters that you have configured for the event handler. |
Event Type | The event category of the event handler. One of the following: AntiVirus, Application Control, DLP, IPS, or WebFilter. |
Devices | The devices that you have configured for the event handler. This field will either display All FortiGates or list each device or log array. |
Severity | The severity that you configured for the event handler. This field will display Critical, High, Medium, or Low. |
Send Alert to | The email address, SNMP server, or syslog server that has been configured for the event handler. |
Enable | Right-click an event handler and select Enable in the pop-up menu. See “To enable an event handler:”. |
Disable | Right-click an event handler and select Disable in the pop-up menu. See “To disable an event handler:”. |
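
The following is an added example, not Fortinet code: it models how four of the default handlers in the first table combine their match conditions (all vs. any), their group-by field, and the "at least N matches over 30 minutes" threshold. The log field names, the level ordering, the sliding-window reading of the threshold, and the sample records are assumptions; Web Filter is left out for brevity.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Severity order, lowest to highest (assumed to follow FortiGate log levels).
LEVELS = ["debug", "information", "notification", "warning",
          "error", "critical", "alert", "emergency"]

def level_ge(floor):
    return lambda rec: LEVELS.index(rec["level"]) >= LEVELS.index(floor)

def field_eq(field, *values):
    return lambda rec: rec.get(field) in values

# (event category, group-by field, combiner, conditions) per default handler.
# Field names are hypothetical, not FortiAnalyzer's log schema.
HANDLERS = {
    "Antivirus Event": ("AntiVirus", "virus", all, [level_ge("information")]),
    "APP Ctrl": ("Application Control", "app", any,
                 [field_eq("appcat", "Botnet"), field_eq("appcat", "Proxy")]),
    "DLP": ("DLP", "rule", all, [field_eq("action", "Blocked")]),
    "IPS Event": ("IPS", "attack", all, [level_ge("critical")]),
}

def evaluate(records, threshold=1, window=timedelta(minutes=30)):
    """Return sorted (handler, group value) pairs that would raise an alert."""
    hits = defaultdict(list)
    for rec in sorted(records, key=lambda r: r["time"]):
        for name, (category, group_by, combine, conds) in HANDLERS.items():
            if rec["category"] == category and combine(c(rec) for c in conds):
                hits[(name, rec[group_by])].append(rec["time"])
    alerts = set()
    for key, times in hits.items():
        # Alert if any `threshold` consecutive matches fit inside one window.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.add(key)
    return sorted(alerts)

T0 = datetime(2024, 1, 1, 9, 0)  # constructed sample records
SAMPLE = [
    {"time": T0, "category": "IPS", "level": "warning", "attack": "sig-A"},
    {"time": T0, "category": "IPS", "level": "alert", "attack": "sig-B"},
    {"time": T0, "category": "Application Control", "level": "information",
     "appcat": "Proxy", "app": "app-X"},
    {"time": T0 + timedelta(minutes=45), "category": "IPS",
     "level": "critical", "attack": "sig-B"},
    {"time": T0, "category": "DLP", "level": "warning",
     "action": "Allowed", "rule": "rule-1"},
]
```

With the default threshold of 1, every matching group alerts; raising the threshold shows how the 30-minute window suppresses matches that are spread too far apart.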