Managing event handlers – FortiAnalyzer – FortiOS 6.2.3

Managing event handlers

To manage event handlers, go to Incidents & Events > Event Monitor > Event Handler List.

FortiAnalyzer includes predefined event handlers that you can use to generate events.

This page lists both predefined and custom event handlers, with one icon beside enabled event handlers and a different icon beside disabled event handlers.

The following options are available:

Option   Description
Create New   Create a new event handler.
Edit   Edit the selected event handler. Some fields in predefined event handlers cannot be modified, such as the name, description and filter settings. However, you can clone a predefined event handler and customize its settings. See Cloning event handlers.
Delete   Delete the selected event handler. You cannot delete predefined event handlers.
Clone   Clone the selected event handler. You can clone a predefined event handler and modify it to create a customized event handler.
Enable / Disable   Enable or disable the selected event handler to start or stop generating events on the Incidents & Events > Event Monitor > All Events page.
Collapse All / Expand All   Collapse or expand the Filters column.
Show Predefined   Show or hide predefined handlers in the list.
Show Custom   Show or hide custom handlers in the list.
Import / Export   Export the selected event handlers or import an event handler you have exported. You can export one or more predefined or custom event handlers and import them into another ADOM or FortiAnalyzer.
Factory Reset   If you have modified a predefined event handler, return the selected predefined event handler to its factory default settings.

Enabling event handlers

For both predefined and custom event handlers, you must enable the event handler to generate events. The Event Handler List page displays one icon beside enabled event handlers and a different icon beside disabled event handlers.

If you want to receive alerts for predefined event handlers, edit the predefined event handler to configure notifications.

To enable event handlers:

  1. Go to Incidents & Events > Event Monitor > Event Handler List.
  2. Select one or more event handlers and click More > Enable, or right-click an event handler and select Enable.

Cloning event handlers

Most predefined event handler attributes cannot be modified, such as the name, description and filter settings. Instead, you can clone a predefined event handler, customize its settings, and give it a meaningful name that shows its function.

To clone a predefined event handler:

  1. Select a predefined event handler and, in the toolbar, click Clone, or right-click a predefined event handler and select Clone.
  2. Configure the settings as required and click OK. For a description of the fields, see Creating a custom event handler.
  3. Click OK to clone the predefined event handler.

Resetting event handlers to factory defaults

You can change predefined event handlers as needed. If required, you can restore predefined event handlers to factory default settings. The Factory Reset option is only available for predefined event handlers that have been changed.

To reset predefined event handlers:

  1. Go to Incidents & Events > Event Monitor > Event Handler List.
  2. In the More menu, ensure Show Predefined is selected.
  3. Right-click an event handler and select Factory Reset, or select one or more predefined event handlers and click More > Factory Reset.