Alerts event
Alert events define log message types, severities and sources which trigger administrator notification.
You can choose to notify administrators by email, SNMP, or syslog.
To view configured alert events, go to System Settings > Advanced > Alerts > Alerts Console.
Figure 170: Viewing alert events
Create New
Select to add a new alert event. For more information, see "To add an alert event:".
#
The order the alert events were created.
Name
The name of the alert event.
Threshold
The number of events that must occur in the given interval before an alert is generated.
Destination
The location where the FortiManager system sends the alert message.
This can be an email address, SNMP Trap or syslog server.
Delete icon
Select to remove an alert event.
Edit icon
Select to modify an alert event.
To add an alert event:
1. Go to System Settings > Advanced > Alerts > Alerts Event, and select Create New.
Figure 171: Adding alert events
2. Configure the following settings:
Name
Enter a unique name for the alert event.
Severity Level
Select the comparison to apply to the severity level of the log messages, such as >=, and the severity of the log message to match, such as Critical.
For example, if you select Severity Level >= Warning, the FortiManager system sends alerts when an event log message has a level of Warning, Error, Critical, Alert, or Emergency.
These options are used in conjunction with Log Filters to specify which log messages will trigger the FortiManager system to send an alert message.
Log Filters
Select Enable to activate log filters, and then enter log message filter text in the Generic Text field.
This text is used in conjunction with Severity Level to specify which log messages will trigger the FortiManager system to send an alert message.
Enter an entire word, which is delimited by spaces, as it appears in the log messages that you want to match. Inexact or incomplete words or phrases may not match. For example, entering log_i or log_it may not match; entering log_id=0100000075 will match all log messages containing that whole word.
Do not use special characters, such as quotes (') or asterisks (*). If the log message that you want to match contains special characters, consider entering a substring of the log message that does not contain special characters. For example, instead of entering User 'admin' deleted report 'Report_1', you might enter admin.
Threshold
Set the threshold or log message level frequency that the FortiManager system monitors before sending an alert message. For example, set the FortiManager system to send an alert only after it receives five emergency messages in an hour.
Destination
Select the location where the FortiManager system sends the alert message.
 
Send Alert To
Select an email address, SNMP trap or syslog server from the list.
You must configure the email server and address, SNMP traps, or syslog server before you can select them from the list.
For information on email server configuration, see
For information on configuring SNMP traps, see
For information on configuring syslog servers, see
 
Include Alert Severity
Select the alert severity value to include in the outgoing alert message information.
 
Add
Select to add the destination for the alert message. Add as many recipients as required.
 
Delete icon
Select to remove a destination.
3. Select OK.
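Before saving an alert event, it can help to dry-run the intended Severity Level, Generic Text and Threshold against sample log lines. The following is an added example, not FortiManager code: it models the rules as this page describes them, and assumes a `level=` field in each log line, strict whole-word matching, and a counter that restarts after each alert.

```python
from datetime import datetime, timedelta

# Severity order as listed on this page, lowest to highest.
SEVERITIES = ["warning", "error", "critical", "alert", "emergency"]

def matches(line, min_severity, generic_text=None):
    """True if a line meets 'Severity Level >= min_severity' and the log filter."""
    words = line.split(" ")
    # Assumption: the severity is carried in a level=<name> field.
    fields = dict(w.split("=", 1) for w in words if "=" in w)
    level = fields.get("level", "").lower()
    if level not in SEVERITIES:
        return False
    if SEVERITIES.index(level) < SEVERITIES.index(min_severity.lower()):
        return False
    # Strict reading of the Generic Text rule: the filter must equal one
    # whole space-delimited word; partial words such as log_i do not match.
    return generic_text is None or generic_text in words

def alert_times(events, min_severity, generic_text, threshold, interval):
    """Return the timestamps at which the threshold is reached in the interval."""
    window, fired = [], []
    for ts, line in sorted(events):
        if not matches(line, min_severity, generic_text):
            continue
        window = [t for t in window if ts - t < interval] + [ts]
        if len(window) >= threshold:
            fired.append(ts)
            window = []  # assumption: counting restarts after an alert
    return fired

# Constructed sample events (timestamp, log line); the field layout is illustrative.
HOUR = timedelta(hours=1)
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE = [
    (T0 + timedelta(minutes=m), f"log_id=0100000075 level={lvl} msg=test")
    for m, lvl in [(0, "emergency"), (10, "warning"), (20, "emergency"),
                   (30, "emergency"), (40, "emergency"), (50, "emergency"),
                   (120, "emergency")]
]

if __name__ == "__main__":
    # Five emergency messages in an hour, filtered on the whole word log_id=0100000075.
    print(alert_times(SAMPLE, "emergency", "log_id=0100000075", 5, HOUR))
```

An empty result for a filter you expected to fire usually means the Generic Text is not a whole word from the log line or the severity floor is set too high.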