log trigger-policy
Use this command to configure a trigger policy for use in the notification process.
You apply trigger policies to individual conditions that have an associated action and severity, such as attacks and rule violations. A trigger policy has the following components:
- an email policy (contains the details associated with the recipient email account)
- a Syslog policy (contains details required to communicate with the Syslog server)
- a FortiAnalyzer policy (contains the IP address of the remote FortiAnalyzer appliance)
The trigger policy determines whether an email is sent to administrators when a certain condition occurs and whether the log messages associated with the condition are stored on a Syslog server or FortiAnalyzer.
You define the email, Syslog, and FortiAnalyzer policies before you apply the trigger policy to an individual condition. For more information, see “config log email-policy”, “config log syslog-policy”, and “config log fortianalyzer-policy”.
To use this command, your administrator account’s access control profile must have either w or rw permission to the loggrp area. For more information, see “Permissions”.
Syntax
config log trigger-policy
  edit <trigger-policy_name>
    set email-policy <email-policy_name>
    set syslog-policy <syslog-policy_name>
    set analyzer-policy <fortianalyzer-policy_name>
  next
end
| Variable | Description | Default |
|---|---|---|
| <trigger-policy_name> | Type the name of a new or existing trigger policy. The maximum length is 35 characters. | No default. |
| email-policy <email-policy_name> | Type the name of the email policy to be used with the trigger policy. The maximum length is 35 characters. If the conditions associated with the trigger policy occur, the email policy determines the recipients of the notification email messages associated with the condition. For more information, see “config log email-policy”. | No default. |
| syslog-policy <syslog-policy_name> | Type the name of the Syslog policy to be used with the trigger policy. The maximum length is 35 characters. If the conditions associated with the trigger policy occur, the Syslog policy determines which Syslog server the messages are sent to. For more information, see “config log syslog-policy”. | No default. |
| analyzer-policy <fortianalyzer-policy_name> | Type the name of an existing FortiAnalyzer policy to be used with the trigger policy. The maximum length is 35 characters. | No default. |
Example
This example creates Trigger_policy1, which uses emailpolicy1 to send email notifications about the condition to specific recipients, and Syslog_Policy1 to submit the log messages to a specific Syslog server.
config log trigger-policy
  edit Trigger_policy1
    set syslog-policy Syslog_Policy1
    set email-policy emailpolicy1
  next
end
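The following check is an added example, not part of the original reference or of any Fortinet tooling: a Python linter that reads saved configuration text and reports trigger policies whose name exceeds 35 characters, that set no policy at all, or that name an email, Syslog, or FortiAnalyzer policy that is never defined. It assumes the saved text uses the flat config/edit/set/next/end layout shown under Syntax; the sample configuration and the name Trigger_policy2 are constructed.

```python
import re

MAX_NAME = 35  # maximum name length given in the variable table
# Setting in a trigger policy -> config section that must define that name.
REFS = {"email-policy": "log email-policy", "syslog-policy": "log syslog-policy",
        "analyzer-policy": "log fortianalyzer-policy"}

def parse(text):
    """Return {section: {entry: {setting: value}}}; 'next' and 'end' are ignored."""
    sections, section, entry = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"config (.+)$", line):
            section, entry = sections.setdefault(m.group(1), {}), None
        elif (m := re.match(r"edit (\S+)$", line)) and section is not None:
            entry = section.setdefault(m.group(1).strip('"'), {})
        elif (m := re.match(r"set (\S+) (.+)$", line)) and entry is not None:
            entry[m.group(1)] = m.group(2).strip('"')
    return sections

def lint(text):
    """List problems that would leave a trigger policy unable to notify or log."""
    cfg, problems = parse(text), []
    for name, settings in cfg.get("log trigger-policy", {}).items():
        if len(name) > MAX_NAME:
            problems.append(f"{name}: name longer than {MAX_NAME} characters")
        if not any(key in settings for key in REFS):
            problems.append(f"{name}: no email, Syslog, or FortiAnalyzer policy set")
        for key, section in REFS.items():
            ref = settings.get(key)
            if ref is not None and ref not in cfg.get(section, {}):
                problems.append(f"{name}: {key} '{ref}' is not defined in config {section}")
    return problems

# Constructed sample: Trigger_policy1 is the page's example, the rest is invented.
SAMPLE = """config log syslog-policy
edit Syslog_Policy1
next
end
config log trigger-policy
edit Trigger_policy1
set syslog-policy Syslog_Policy1
set email-policy emailpolicy1
next
edit Trigger_policy2
next
end"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

In the sample, Trigger_policy1 is flagged because emailpolicy1 is never defined, and Trigger_policy2 because it sets no policy, so a condition bound to it would produce neither email nor remote logging.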
Related topics
- config log email-policy
- config log syslog-policy
- config log fortianalyzer-policy
- config waf http-protocol-parameter-restriction
- config waf signature