Alert email

To notify you of serious attack and/or system failure events, you can configure the FortiWeb appliance to generate an alert email.

Alerts appear on the dashboard. FortiWeb will also generate alert email if you configure email settings and include them in a trigger that is used by system resource thresholds and/or traffic policies.

Alert emails are based on events that are also recorded in log messages. If you have received an alert email and want to know more about the events, go to the corresponding log messages. For information on viewing locally stored log messages, see Viewing log messages.

To configure alert email

1.  Configure email settings so that FortiWeb will be able to connect to an SMTP server that will deliver alerts. See Configuring email settings.

2.  If you want to receive email about attacks or policy violations, add the email settings to the trigger that is used by those policies. See Configuring triggers.

3.  If you want to receive email about system resource statuses, configure alert thresholds. See Logging.

4.  If you want to receive copies of event log messages via email, see Configuring alert email for event logs.

Configuring email settings

If you define email settings, FortiWeb can send email to alert specific administrators or other personnel when a serious condition or problem occurs, such as a system failure or network attack. Email settings include the email addresses of the selected recipients and set how frequently emails are sent to those recipients.

For example, you might configure a signature set to monitor for SQL-injection violations and take specific actions if those types of violations occur. The specific actions can include sending an alert email, in which case the email is sent to the individuals identified in the email settings attached to the trigger used for the SQL injection violation. The trigger could also include recording the violation in Syslog or FortiAnalyzer. For more information on Syslog or FortiAnalyzer settings, see Configuring Syslog settings and Configuring FortiAnalyzer policies.

The alert email settings also enable you to define the interval at which emails are sent if the same alert condition persists following the initial occurrence.

For example, you might configure the FortiWeb appliance to send only one alert message for each 15-minute interval after warning-level log messages begin to be recorded. In that case, if the alert condition continues to occur for 35 minutes after the first warning-level log message, the FortiWeb appliance would send a total of three alert email messages, no matter how many warning-level log messages were recorded during that period of time.

For more information on the severity levels of log messages, see Log severity levels.
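
The interaction of the Log Level threshold and the Interval setting can be modelled as shown below. This is an added example, not FortiWeb code: the syslog-style severity order, the function names, and the rule that the interval is measured from the last email sent are assumptions, and the sample events are constructed.

```python
# Added illustration: a model of the documented Log Level + Interval behaviour.
# Not FortiWeb code. Severity names and their order are assumed (syslog-style).
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notification", "information", "debug"]  # most -> least severe


def meets_threshold(level, threshold):
    """True if `level` is at least as severe as `threshold` (lower index = more severe)."""
    return SEVERITY.index(level) <= SEVERITY.index(threshold)


def simulate_alerts(events, threshold, interval_min):
    """events: iterable of (minute, level). Returns (sent_minutes, suppressed_count).

    Assumption: an email is sent for the first qualifying event, then at most
    one more per `interval_min` minutes while qualifying events keep arriving.
    """
    sent, suppressed, last_sent = [], 0, None
    for minute, level in sorted(events):
        if not meets_threshold(level, threshold):
            continue  # below the Log Level threshold: never causes an alert email
        if last_sent is None or minute - last_sent >= interval_min:
            sent.append(minute)
            last_sent = minute
        else:
            suppressed += 1  # covered by the email already sent for this interval
    return sent, suppressed


# Constructed sample: one warning-level message per minute for 35 minutes after
# the first one (minutes 0..35), plus information-level noise every 5 minutes.
SAMPLE = ([(m, "warning") for m in range(36)]
          + [(m, "information") for m in range(0, 36, 5)])

if __name__ == "__main__":
    sent, suppressed = simulate_alerts(SAMPLE, "warning", 15)
    print(f"alert emails at minutes {sent}; {suppressed} qualifying messages suppressed")
```

With a 15-minute interval the model reproduces the three emails of the example above, and it shows how many qualifying log messages are only visible in the logs, not in the mailbox.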

To configure email settings

1.  Enable alert email for each log type for which you want to generate alert email. For details, see Logging.

2.  Go to Log&Report > Log Policy > Email Policy.

To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Log & Report category. For details, see Permissions.

3.  Click Create New.

A dialog appears.

4.  Configure these settings:

Setting name / Description

SMTP server
Type the fully qualified domain name (FQDN, e.g. mail.example.com) or IP address of the SMTP relay or server, such as a FortiMail appliance, that the FortiWeb appliance uses to send alerts and generated reports.

Caution: If you enter a domain name, you must also configure the FortiWeb appliance with at least one DNS server. Failure to configure a DNS server may cause the FortiWeb appliance to be unable to resolve the domain name, and therefore unable to send the alert. For information on configuring use of a DNS server, see Configuring DNS settings.

SMTP Port
Enter the port on the SMTP server that listens for alerts and generated reports from FortiWeb.

Email From
Type the sender email address, such as FortiWeb@example.com, that the FortiWeb appliance will use when sending alert email messages.

Email To
Type up to three recipient email addresses such as admin@example.com. Enter one per field.

Authentication
Enable if the SMTP relay requires authentication.

SMTP Username
Type the user name of the account on the SMTP relay (e.g. FortiWeb) that FortiWeb uses to send alerts.

This option is available only if Authentication is enabled.

SMTP Password
Type the password of the account on the SMTP relay that FortiWeb uses to send alerts.

This option is available only if Authentication is enabled.

Apply & Test
Click to save the current settings and test the connection to the SMTP server.

Log Level
Select the priority threshold that log messages must meet or exceed in order to cause an alert. For more information on log levels, see Log severity levels.

Interval
Type the number of minutes between each alert if an alert condition of the specified severity level continues to occur after the initial alert.

Connection Security
Select one of the following options:

  • None — FortiWeb applies no security protocol to email.
  • STARTTLS — Encrypts the connection to the SMTP server using STARTTLS.
  • SSL/TLS — Encrypts the connection to the SMTP server using SSL/TLS.

5.  Click OK.

6.  Group the email settings in a trigger (see Configuring triggers).

7.  Add the appliance’s sender address (in the example above, FortiWeb@example.com) to your address book. Depending on your anti-spam software/device, you may also need to adjust other settings to ensure that email from this appliance is not accidentally dropped or tagged as spam.

8.  To verify your settings and connectivity to the email server/relay, click Apply & Test.

Configuring alert email for event logs

You can configure FortiWeb to send an alert email for event log messages.

To configure alert email for event logs

1.  Go to Log&Report > Log Config > Global Log Settings.

To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Log & Report category. For details, see Permissions.

2.  Configure these settings:

Setting name / Description

Alert Mail
Enable to generate alert email when log messages are created.

Distribution of alert email is controlled by email policies and trigger actions associated with various types of violations. If this option is enabled, but a trigger action is not selected for a specific type of violation, every occurrence of that violation will result in an alert email to the individuals associated with the policy selected in the Email Policy field.

Note: Alert emails are not sent for traffic logs.

Note: Before enabling this option, verify that log frequency is not too great. If logs are very frequent, enabling this option could decrease performance and cause the FortiWeb appliance to send you many alert email messages.

Email Policy
Select the email settings to use for alert emails. For more information, see Configuring email settings.

3.  Click Apply.
