Event Management

In the Event Management tab you can configure event handlers based on log type and log filters. Each handler can send its events to an email address, an SNMP community, or a syslog server. Events can be configured per device, for all devices, or for the local FortiAnalyzer. You can create event handlers for FortiGate and FortiCarrier devices. In v5.2.0 or later, Event Management also supports local FortiAnalyzer event logs.

Events can also be monitored, and the logs associated with a given event can be viewed.

Events

The events page provides a list of the generated events. Right-clicking on an event in the table gives you the option of viewing event details including the raw log entries associated with that event, adding review notes, and acknowledging the event.

To view events, go to the Event Management tab and select Event Management > All Events. You can also view events by severity and by handler. When ADOMs are enabled, select the ADOM, and then select All Events.

Figure 112: Events page

The following information is displayed:

Time Period: Select a time period from the drop-down list. Select one of: Last 30 mins, Last 1 hour, Last 4 hours, Last 12 hours, Last 1 day, Last 7 days, Last N hours, Last N days, All. If applicable, enter the number of days or hours for N in the N text box.
Show Acknowledged: Select to show or hide acknowledged events. Acknowledged events are greyed out in the list.
Search: Search for a specific event.
Count: The number of log entries associated with the event. Click the heading to sort events by count.
Event Name: The name of the event. Click the heading to sort events by event name.
Severity: The severity level of the event. The severity level is a user-configured value on the event handler and can be Critical, High, Medium, or Low. Click the heading to sort events by severity.
Event Type: The event type, for example Traffic or Event. Click the heading to sort events by event type.
Additional Info: Additional information about the event. Click the heading to sort events by additional information.
Last Occurrence: The date and time that the event was created and added to the events page. Click the heading to sort events by last occurrence.
Pagination: Adjust the number of logs that are listed per page and browse through the pages.

Right-click on an event in the list to open the right-click menu. The following options are available:

View Details: Opens the Event Details page. See “Event details” below.
Acknowledge: Acknowledges the event. If Show Acknowledged is not selected, the event is then hidden from the list. See “Acknowledge events” below.

Event details

The Event Details page provides a summary of the event, including the event name, severity, type, count, additional information, last occurrence, device, event handler, raw log entries, and review notes. You can also acknowledge and print events from this page.

To view log messages associated with an event:

  1. In the events list, either double-click on an event, or right-click on an event and select View Details in the right-click menu. The Event Details page opens.

Figure 113: Event details page

  2. The following information and options are available:

Print: Select the print icon to print the event details page. The log details pane is not printed.
Return: Select the return icon to return to the All Events page.
Event Name: The name of the event, also displayed in the title bar.
Severity: The severity level configured for the event handler.
Type: The event category of the event handler.
Count: The number of logged events associated with the event.
Additional Info: This field displays either additional information for the event or a link to the FortiGuard Encyclopedia. A link is displayed for AntiVirus, Application Control, and IPS event types.
Last Occurrence: The date and time of the last occurrence.
Device: The hostname of the device associated with the event.
Event Handler: The name of the event handler associated with the event. Select the link to edit the event handler. See “Event handler”.
Text box: Optionally, enter a comment of up to 1023 characters in the text field. Select the save icon to save the comment, or the cancel icon to discard your changes.
Logs: The logs associated with the event are displayed. The columns and log fields depend on the event type.
Pagination: Adjust the number of logs that are listed per page and browse through the pages.
Log details: Log details for the selected log are shown in the lower content pane. The details vary based on the log type.

  3. Select the return icon to return to the All Events page.

Acknowledge events

Acknowledging an event removes it from the event list. The Show Acknowledged option on this page lets you show or hide acknowledged events.

To acknowledge events:

  1. From the event list, select the event or events that you would like to acknowledge.
  2. Right-click and select Acknowledge in the right-click menu.

Select the Show Acknowledge checkbox in the toolbar to view acknowledged events.

One thought on “Event Management”

  1. mike

    Thanks for the nice share. I have some confusion regarding SNMP community and syslog server. I want to know what these are and for which purpose you would use them. Would you please simplify these things.
