Manage event handlers
You can create traffic, event, and extended log handlers to monitor network traffic and events based on specific log filters. These log handlers can then be edited, deleted, cloned, and enabled or disabled as needed.
To create a new event handler:
1. Go to Event Management > Event Handler.
2. Select Create New in the toolbar, or right-click on an entry and select Create New in the right-click menu.
The Create Event Handler page opens.
Figure 257: Create new event handler page
3. Configure the following settings:
Status
Enable or disable the event handler.
Name
Enter a name for the event handler.
Description
Enter a description for the event handler.
Devices
Select All FortiGates or select Specify and use the plus icon to add devices or log arrays.
Note: When creating a new event handler for FortiMail and FortiWeb, the All FortiGates option is a bug.
Severity
Select the severity from the drop-down list. Select one of the following: Critical, High, Medium, or Low.
Filters
 
Log Type
Select the log type from the drop-down list. The available options are: Traffic Log, Event Log, Application Control, DLP, IPS, Virus, and Web Filter.
 
Event Category
Select the category of event that this handler will monitor from the drop-down list. This option is only available when Log Type is set to Traffic Log.
 
Group by
Select the criterion by which the information will be grouped. This option is not available when Log Type is set to Traffic Log.
 
Log message that match
Select either All or Any of the Following Conditions.
 
Add Filter
Select the plus (+) symbol to add log filters.
 
 
Log Field
Select a log field to filter from the drop-down list. The available options will vary depending on the selected log type.
 
 
Match Criteria
Select a match criterion from the drop-down list. The available options will vary depending on the selected log field.
 
 
Value
Either select a value from the drop-down list, or enter a value in the text box. The available options will vary depending on the selected log field.
 
 
Delete
Select the delete icon to delete the filter. A minimum of one filter is required.
 
Generic Text Filter
Enter a generic text filter. For more information on creating a text filter, hover the cursor over the help icon.
Event Handling
 
Generate alerts when at least
Enter threshold values to generate alerts. In the first text box, enter the number of events of each type that can occur within the number of minutes entered in the second text box.
 
Send Alert Email
Select the checkbox to enable. Enter an email address in the To and From text fields, enter a subject in the Subject field, and select the email server from the drop-down list.
 
Send SNMP Trap to
Select the checkbox to enable this feature. Select an SNMP community from the drop-down list.
 
Send Alert to Syslog Server
Select the checkbox to enable this feature. Select a syslog server from the drop-down list.
4. Select OK to create the new event handler.
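The filter, Group by, and threshold settings above can be dry-run against exported logs before a handler is enabled, to see how noisy it would be. The following Python model is an added example, not Fortinet code: the operator names, the sliding-window and reset-after-alert behaviour, the log field names, and the sample lines are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical operator names; the real Match Criteria list depends on the log field.
OPS = {
    "equal": lambda have, want: have == want,
    "not_equal": lambda have, want: have != want,
    "contains": lambda have, want: want in have,
}

def matches(log, filters, mode):
    """mode 'all' or 'any' mirrors the All / Any of the Following Conditions choice."""
    results = (OPS[op](log.get(field, ""), value) for field, op, value in filters)
    return all(results) if mode == "all" else any(results)

def evaluate(logs, filters, mode, group_by, count, minutes):
    """Alert when a group reaches `count` matches inside `minutes` (assumed sliding window)."""
    window = timedelta(minutes=minutes)
    recent = defaultdict(deque)  # group value -> timestamps of recent matching logs
    alerts = []
    for log in sorted(logs, key=lambda l: l["time"]):
        if not matches(log, filters, mode):
            continue
        group = log.get(group_by, "")
        q = recent[group]
        q.append(log["time"])
        while q and log["time"] - q[0] >= window:
            q.popleft()  # drop matches that fell out of the window
        if len(q) >= count:
            alerts.append((log["time"], group))
            q.clear()  # assumed: counting restarts after an alert
    return alerts

def parse(line):
    """Parse a constructed 'HH:MM key=value ...' line into a dict."""
    stamp, *pairs = line.split()
    log = dict(p.split("=", 1) for p in pairs)
    log["time"] = datetime.strptime(stamp, "%H:%M")
    return log

# Constructed sample data, not real FortiGate output.
SAMPLE = [parse(l) for l in (
    "10:00 srcip=10.0.0.5 severity=high attack=sqli",
    "10:01 srcip=10.0.0.5 severity=high attack=sqli",
    "10:02 srcip=10.0.0.9 severity=low attack=scan",
    "10:03 srcip=10.0.0.5 severity=high attack=xss",
    "10:20 srcip=10.0.0.9 severity=high attack=sqli",
)]
FILTERS = [("severity", "equal", "high"), ("attack", "contains", "sql")]
```

With these samples, a threshold of 3 events in 5 minutes grouped by `srcip` fires once under "any" matching and never under "all", which shows how much the All/Any choice changes alert volume.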
To edit an event handler:
1. Go to Event Management > Event Handler.
2. Select an event handler entry and either select Edit in the toolbar, or right-click on the entry and select Edit in the pop-up menu. The Edit Event Handler page opens.
3. Edit the settings as required.
4. Select OK to save the configuration.
To clone an event handler:
1. Go to Event Management > Event Handler.
2. Select an event handler entry and either select Clone in the toolbar, or right-click on the entry and select Clone in the pop-up menu. The Clone Event Handler window opens.
3. Edit the settings as required.
4. Select OK to save the configuration.
To delete an event handler:
1. Go to Event Management > Event Handler.
2. Select an event handler entry and either select Delete in the toolbar, or right-click on the entry and select Delete in the pop-up menu.
3. Select OK in the confirmation dialog box to delete the event handler.
 
The default event handlers cannot be deleted. Use the right-click menu to enable or disable these event handlers.
To enable an event handler:
1. Go to Event Management > Event Handler.
2. Select an event handler entry, right-click and select Enable in the pop-up menu. The status field will display a green circle check mark icon.
To disable an event handler:
1. Go to Event Management > Event Handler.
2. Select an event handler entry, right-click and select Disable in the pop-up menu. The status field will display a grey circle x icon.