Fortinet black logo

Handbook

Configuring Automation Triggers

Configuring Automation Triggers

On the Security Fabric > Automation > Trigger tab, you can view the list of available automation trigger events that are predefined or user-defined. After defining your automation triggers, you can combine them with response actions to create an automation stitch. For details, see Creating automation stitches

FortiADC supports eight trigger event types, wherein some events are predefined and some must be user-defined.

Predefined Triggers:
  • Security Events — Uses security events such as "DDoS SYNFLOOD attack start" or "bot detected" as the alert trigger.
  • HA Failover — Uses HA failover events such as "HA peer lost" as the alert trigger.
  • System Events — Uses system events such as "bad PSU fan" or "good device fan" as the alert trigger.

See Predefined automation trigger events for the full list of predefined events available for each trigger type.

User-defined Triggers:
  • SLB Metrics — Uses server load balance performance metrics as the alert trigger.
  • Period Block IP — Uses the FortiADC Source IP addresses that have been blocked by WAF as trigger events for the automated response actions. To view or release the blocked IPs, see Blocked IP.
  • System Metrics — Uses system metrics such as "average CPU usage" or "average memory usage" as the alert trigger.
  • Interface Metrics — Uses network interface events as the alert trigger.
  • Schedule — Uses user-defined schedules as the alert trigger.
  • FortiADC Log — Uses a specific FortiADC logged event occurrence (identified through log ID) as the alert trigger.

Before you begin:
  • You must have Global Administrator access. Ensure that your admin account settings has Global Admin set to Yes. For more information, see Creating administrator users.

SLB Metrics

To configure an SLB Metrics trigger alert:
  1. Go to Security Fabric > Automation.
  2. Click the Trigger tab.
  3. Click Create New to display the Create New Automation Trigger configuration page.
  4. Under the System section, click SLB Metrics to display the configuration editor.
  5. Configure the following trigger alert settings:

    Setting

    Description

    NameEnter a name for the new SLB Metrics trigger alert. The configuration name cannot be edited once it has been saved.
    DescriptionOptionally, you can add a description about this trigger alert configuration.
    SLB Instance

    Select the virtual server on which the SLB Metrics trigger applies.

    DurationSpecify the metric duration in seconds. Range: 5-3600 seconds.
  6. Click OK to commit the SLB Metrics trigger settings.
    Once the SLB Metrics trigger alert configuration has been saved, you can then add the alert member configurations under the Alert Metric Expire Member section.
  7. Under the Alert Metric Expire Member section, click Create New to display the configuration editor.
  8. Configure the following trigger alert member settings:

    Setting

    Description

    NameEnter a name for the new SLB Metrics trigger alert member. The configuration name cannot be edited once it has been saved.
    Metric Occurs

    Select the server load balance performance metric events that will trigger the action.

    Comparator

    The metric is compared to the Value field according to the selected option:

    • Ge—greater than

    • Le—less than

    • Eq—equal to

    The action will be triggered if the specified value satisfies the selected option.

    Value

    Specify the metric value that the Comparator uses to determine if the metric triggers an action (for example, 2 milliseconds).

  9. Click OK to commit the trigger alert member settings.
    The newly created trigger alert member is added under the Alert Metric Expire Member section.
  10. Click OK to save the SLB Metrics trigger alert configuration.

System Metrics

To configure a System Metrics trigger alert:
  1. Go to Security Fabric > Automation.
  2. Click the Trigger tab.
  3. Click Create New to display the Create New Automation Trigger configuration page.
  4. Under the System section, click System Metrics to display the configuration editor.
  5. Configure the following trigger alert settings:

    Setting

    Description

    NameEnter a name for the new System Metrics trigger alert. The configuration name cannot be edited once it has been saved.
    DescriptionOptionally, you can add a description about this trigger alert configuration.
    DurationSpecify the metric duration in seconds. Range: 5-3600 seconds.
  6. Click OK to commit the System Metrics trigger settings.
    Once the System Metrics trigger alert configuration has been saved, you can then add the alert member configurations under the Alert Metric Expire Member section.
  7. Under the Alert Metric Expire Member section, click Create New to display the configuration editor.
  8. Configure the following trigger alert member settings:

    Setting

    Description

    NameEnter a name for the new System Metrics trigger alert member. The configuration name cannot be edited once it has been saved.
    Metric Occurs

    Select the system metrics events (average CPU usage, average memory usage, etc.) that will trigger the action.

    Comparator

    The metric is compared to the Value field according to the selected option:

    • Ge—greater than

    • Le—less than

    • Eq—equal to

    The action will be triggered if the specified value satisfies the selected option.

    Value

    Specify the metric value that the Comparator uses to determine if the metric triggers an action (for example, 2 milliseconds).

  9. Click OK to commit the trigger alert member settings.
    The newly created trigger alert member is added under the Alert Metric Expire Member section.
  10. Click OK to save the System Metrics trigger alert configuration.

Interface Metrics

To configure an Interface Metrics trigger alert:
  1. Go to Security Fabric > Automation.
  2. Click the Trigger tab.
  3. Click Create New to display the Create New Automation Trigger configuration page.
  4. Under the System section, click Interface Metrics to display the configuration editor.
  5. Configure the following trigger alert settings:

    Setting

    Description

    NameEnter a name for the new Interface Metrics trigger alert. The configuration name cannot be edited once it has been saved.
    DescriptionOptionally, you can add a description about this trigger alert configuration.
    Instance

    Select the network interface on which the Interface Metrics trigger applies.

    DurationSpecify the metric duration in seconds. Range: 5-3600 seconds.
  6. Click OK to commit the Interface Metrics trigger settings.
    Once the Interface Metrics trigger alert configuration has been saved, you can then add the alert member configurations under the Alert Metric Expire Member section.
  7. Under the Alert Metric Expire Member section, click Create New to display the configuration editor.
  8. Configure the following trigger alert member settings:

    Setting

    Description

    NameEnter a name for the new Interface Metrics trigger alert member. The configuration name cannot be edited once it has been saved.
    Metric Occurs

    Select the network interface events that will trigger the action.

    Comparator

    The metric is compared to the Value field according to the selected option:

    • Ge—greater than

    • Le—less than

    • Eq—equal to

    The action will be triggered if the specified value satisfies the selected option.

    Value

    Specify the metric value that the Comparator uses to determine if the metric triggers an action (for example, 2 milliseconds).

  9. Click OK to commit the trigger alert member settings.
    The newly created trigger alert member is added under the Alert Metric Expire Member section.
  10. Click OK to save the Interface Metrics trigger alert configuration.

Schedule

To configure a Schedule trigger alert:
  1. Go to Security Fabric > Automation.
  2. Click the Trigger tab.
  3. Click Create New to display the Create New Automation Trigger configuration page.
  4. Under the Miscellaneous section, click Schedule to display the configuration editor.
  5. Configure the following trigger alert settings:

    Setting

    Description

    NameEnter a name for the new Schedule trigger alert. The configuration name cannot be edited once it has been saved.
    DescriptionOptionally, you can add a description about this trigger alert configuration.
    Schedule OccursSelect a user-defined schedule group object or create a new schedule group. For details, see Schedule Group.
  6. Click OK.

FortiADC Log

You can configure a FortiADC Log trigger for when a specific event log ID occurs. You can select multiple event log IDs, and apply log field filters.

Exact information from the Event Log is required to configure the FortiADC Log trigger alert, so it is recommended that you download the specific log files to obtain the information prior to beginning the configuration.

To configure a FortiADC Log trigger alert:
  1. Go to Security Fabric > Automation.
  2. Click the Trigger tab.
  3. Click Create New to display the Create New Automation Trigger configuration page.
  4. Under the Miscellaneous section, click FortiADC Log to display the configuration editor.

    You can view the last 4 digits of the log ID by hovering over the event entry in the Log Event list.
  5. Configure the following trigger alert settings:

    Setting

    Description

    NameEnter a name for the new FortiADC Log trigger alert. The configuration name cannot be edited once it has been saved.
    DescriptionOptionally, you can add a description about this trigger alert configuration.
    Event

    Select the FortiADC Log event (identified through the log ID) that will trigger the automation stitch.

    The Event options correspond to the Message listed in the FortiADC event log. Hover over an entry to view the tooltip that includes the Log Event and Log ID. The Log ID refers to the last 4 digits of the Log ID from the event log.

    The maximum is 32 log events per trigger configuration.

    Field Filters

    Enter the Field name and the Value of the logged event that will trigger the automation stitch.
    The Field name and Value refers to the "key" and its value as it is recorded in the log file. To successfully trigger an automation stitch using the FortiADC Log trigger alert, the field name and value must match what is recorded in the log file exactly.

    • Field name — Enter the field name as it appears exactly in the log file.

    • Value — Specify the value of the specified field name as it appears exactly in the log file.

  6. Click OK.
Example: Create a FortiADC Log trigger alert for failed logins

In this example, you will create a FortiADC Log alert to trigger when a login fails due to incorrect password input.

  1. Download the required event log file to obtain the specific information to use in the FortiADC Log trigger configuration.
    1. Go to Log & Report > Event Log.
    2. Locate the "Admin login" event log.
    3. Download the log file.
  2. Open the log file to obtain the required information.
    date=2023-12-13 time=10:28:41 log_id=0001001000 type=event subtype=admin pri=information vd=root msg_id=32713167 user=admin ui=172.19.162.70 action=login status=failure reason=passwd_invalid logdesc=Admin login msg=User admin login successfully from 172.19.162.70

    Copy the log id and reason fields and their values to use in later steps.

  3. Go to Security Fabric > Automation, click the Trigger tab and Create New.
  4. Click FortiADC Log to configure a new FortiADC Log automation trigger using the event log information collected earlier.

    1. Select the Event as Log id admin login. The last 4 digits of the "log id" from the log file should match the "Log ID" of the selected log event entry.
    2. Enter the Field name as reason and Value as passwd_invalid.
    3. Click OK.
Predefined automation trigger events

Trigger

Events

Security Events

Bot Detected

Brute Force Detected

CORS Violate Detected

CSRF Violate Detected

Data Leak Violate Detected

DDoS HTTP Access Limit

DDoS HTTP Connection Flood

DDoS HTTP Request Flood

DDoS IP Fragmentation

DDoS SYNFLOOD attack start

DDoS SYNFLOOD attack stop

DDoS TCP Access Flood

DDoS TCP Slow Data Attack

Generic Attack Detected

Geo Violate Detected

HTML Validation Detected

JSON Violate Detected

OPENAPI Violate Detected

Protocol Constraint Detected

Reputation Violate Detected

Request Blocked

SEC Biometrics Base Detected

SEC Threshold Violate Detected

SOAP Violate Detected

SQL Injection Attack Detected

URL Pattern Violate Detected

Virtual Server Authentication Fail

Web Anti Defacement Detected

XML Violate Detected

XSS Attack Detected

HA Failover

HA Master Failover

HA Peer Lost

System Events

Admin user login failed and blocked IP

ARP Conflict

Bad Device Fan

Bad PSU Fan

Certification Expire

Config Create

Config Delete

Config Update

CRL Expires

Device Rebooted

Device Upgrade Completed

FW SNAT Port Exhausted

Gateway HC Down

Gateway HC Up

Gateway Inbound Bandwidth

Gateway Inbound Spillover

Gateway Outbound Bandwidth

Gateway Outbound Spillover

Gateway Total Spillover

GLB GW Available

GLB GW Not Available

GLB Real Server Available

GLB Real Server Not Available

GLB Virtual Server Available

GLB Virtual Server Not Available

Good Device Fan

Good PSU Fan

High CPU Temp

High CPU Usage

High Device Temp

High Disk Usage

High Memory Usage

High Power Supply

High PSU Temp

High PSU Voltage

High Voltage

Link Group HC Down

Link Group HC Up

Log Full

Logical Interface Disabled

Logical Interface Down

Logical Interface Up

Lost Log Disk

Low Power Supply

Low PSU Voltage

Low Voltage

Normal CPU Temp

Normal Device Temp

Normal PSU Temp

OCSP Response Expires

PSU Failure

Real Server Connection Limit Start

Real Server Connection Limit Stop

Real Server Connection Rate Start

Real Server Connection Rate Stop

Real Server Disabled

Real Server Enabled

Real Server HC Down

Real Server HC Up

Real Server Maintain Mode

Slow Device Fan

Slow PSU Fan

SSD MWI Near Threshold

SSD MWI Reached Threshold

SSL Certificate Revoked

User Login

User Logout

Virtual Server Connection Limit Start

Virtual Server Connection Limit Stop

Virtual Server Connection Rate Start

Virtual Server Connection Rate Stop

Virtual Server Disabled

Virtual Server Down

Virtual Server Enabled

Virtual Server IP Pool Limit

Virtual Server Maintain Mode

Virtual Server Transaction Rate Start

Virtual Server Transaction Rate Stop

Virtual Server Up

Configuring Automation Triggers

On the Security Fabric > Automation > Trigger tab, you can view the list of available automation trigger events that are predefined or user-defined. After defining your automation triggers, you can combine them with response actions to create an automation stitch. For details, see Creating automation stitches

FortiADC supports eight trigger event types, wherein some events are predefined and some must be user-defined.

Predefined Triggers:
  • Security Events — Uses security events such as "DDoS SYNFLOOD attack start" or "bot detected" as the alert trigger.
  • HA Failover — Uses HA failover events such as "HA peer lost" as the alert trigger.
  • System Events — Uses system events such as "bad PSU fan" or "good device fan" as the alert trigger.

See Predefined automation trigger events for the full list of predefined events available for each trigger type.

User-defined Triggers:
  • SLB Metrics — Uses server load balance performance metrics as the alert trigger.
  • Period Block IP — Uses the FortiADC Source IP addresses that have been blocked by WAF as trigger events for the automated response actions. To view or release the blocked IPs, see Blocked IP.
  • System Metrics — Uses system metrics such as "average CPU usage" or "average memory usage" as the alert trigger.
  • Interface Metrics — Uses network interface events as the alert trigger.
  • Schedule — Uses user-defined schedules as the alert trigger.
  • FortiADC Log — Uses a specific FortiADC logged event occurrence (identified through log ID) as the alert trigger.

Before you begin:
  • You must have Global Administrator access. Ensure that your admin account settings has Global Admin set to Yes. For more information, see Creating administrator users.

SLB Metrics

To configure an SLB Metrics trigger alert:
  1. Go to Security Fabric > Automation.
  2. Click the Trigger tab.
  3. Click Create New to display the Create New Automation Trigger configuration page.
  4. Under the System section, click SLB Metrics to display the configuration editor.
  5. Configure the following trigger alert settings:

    Setting

    Description

    NameEnter a name for the new SLB Metrics trigger alert. The configuration name cannot be edited once it has been saved.
    DescriptionOptionally, you can add a description about this trigger alert configuration.
    SLB Instance

    Select the virtual server on which the SLB Metrics trigger applies.

    DurationSpecify the metric duration in seconds. Range: 5-3600 seconds.
  6. Click OK to commit the SLB Metrics trigger settings.
    Once the SLB Metrics trigger alert configuration has been saved, you can then add the alert member configurations under the Alert Metric Expire Member section.
  7. Under the Alert Metric Expire Member section, click Create New to display the configuration editor.
  8. Configure the following trigger alert member settings:

    Setting

    Description

    NameEnter a name for the new SLB Metrics trigger alert member. The configuration name cannot be edited once it has been saved.
    Metric Occurs

    Select the server load balance performance metric events that will trigger the action.

    Comparator

    The metric is compared to the Value field according to the selected option:

    • Ge—greater than

    • Le—less than

    • Eq—equal to

    The action will be triggered if the specified value satisfies the selected option.

    Value

    Specify the metric value that the Comparator uses to determine if the metric triggers an action (for example, 2 milliseconds).

  9. Click OK to commit the trigger alert member settings.
    The newly created trigger alert member is added under the Alert Metric Expire Member section.
  10. Click OK to save the SLB Metrics trigger alert configuration.

System Metrics

To configure a System Metrics trigger alert:
  1. Go to Security Fabric > Automation.
  2. Click the Trigger tab.
  3. Click Create New to display the Create New Automation Trigger configuration page.
  4. Under the System section, click System Metrics to display the configuration editor.
  5. Configure the following trigger alert settings:

    Setting

    Description

    NameEnter a name for the new System Metrics trigger alert. The configuration name cannot be edited once it has been saved.
    DescriptionOptionally, you can add a description about this trigger alert configuration.
    DurationSpecify the metric duration in seconds. Range: 5-3600 seconds.
  6. Click OK to commit the System Metrics trigger settings.
    Once the System Metrics trigger alert configuration has been saved, you can then add the alert member configurations under the Alert Metric Expire Member section.
  7. Under the Alert Metric Expire Member section, click Create New to display the configuration editor.
  8. Configure the following trigger alert member settings:

    Setting

    Description

    NameEnter a name for the new System Metrics trigger alert member. The configuration name cannot be edited once it has been saved.
    Metric Occurs

    Select the system metrics events (average CPU usage, average memory usage, etc.) that will trigger the action.

    Comparator

    The metric is compared to the Value field according to the selected option:

    • Ge—greater than

    • Le—less than

    • Eq—equal to

    The action will be triggered if the specified value satisfies the selected option.

    Value

    Specify the metric value that the Comparator uses to determine if the metric triggers an action (for example, 2 milliseconds).

  9. Click OK to commit the trigger alert member settings.
    The newly created trigger alert member is added under the Alert Metric Expire Member section.
  10. Click OK to save the System Metrics trigger alert configuration.

Interface Metrics

To configure an Interface Metrics trigger alert:
  1. Go to Security Fabric > Automation.
  2. Click the Trigger tab.
  3. Click Create New to display the Create New Automation Trigger configuration page.
  4. Under the System section, click Interface Metrics to display the configuration editor.
  5. Configure the following trigger alert settings:

    Setting

    Description

    NameEnter a name for the new Interface Metrics trigger alert. The configuration name cannot be edited once it has been saved.
    DescriptionOptionally, you can add a description about this trigger alert configuration.
    Instance

    Select the network interface on which the Interface Metrics trigger applies.

    DurationSpecify the metric duration in seconds. Range: 5-3600 seconds.
  6. Click OK to commit the Interface Metrics trigger settings.
    Once the Interface Metrics trigger alert configuration has been saved, you can then add the alert member configurations under the Alert Metric Expire Member section.
  7. Under the Alert Metric Expire Member section, click Create New to display the configuration editor.
  8. Configure the following trigger alert member settings:

    Setting

    Description

    NameEnter a name for the new Interface Metrics trigger alert member. The configuration name cannot be edited once it has been saved.
    Metric Occurs

    Select the network interface events that will trigger the action.

    Comparator

    The metric is compared to the Value field according to the selected option:

    • Ge—greater than

    • Le—less than

    • Eq—equal to

    The action will be triggered if the specified value satisfies the selected option.

    Value

    Specify the metric value that the Comparator uses to determine if the metric triggers an action (for example, 2 milliseconds).

  9. Click OK to commit the trigger alert member settings.
    The newly created trigger alert member is added under the Alert Metric Expire Member section.
  10. Click OK to save the Interface Metrics trigger alert configuration.

Schedule

To configure a Schedule trigger alert:
  1. Go to Security Fabric > Automation.
  2. Click the Trigger tab.
  3. Click Create New to display the Create New Automation Trigger configuration page.
  4. Under the Miscellaneous section, click Schedule to display the configuration editor.
  5. Configure the following trigger alert settings:

    Setting

    Description

    NameEnter a name for the new Schedule trigger alert. The configuration name cannot be edited once it has been saved.
    DescriptionOptionally, you can add a description about this trigger alert configuration.
    Schedule OccursSelect a user-defined schedule group object or create a new schedule group. For details, see Schedule Group.
  6. Click OK.

FortiADC Log

You can configure a FortiADC Log trigger for when a specific event log ID occurs. You can select multiple event log IDs, and apply log field filters.

Exact information from the Event Log is required to configure the FortiADC Log trigger alert, so it is recommended that you download the specific log files to obtain the information prior to beginning the configuration.

To configure a FortiADC Log trigger alert:
  1. Go to Security Fabric > Automation.
  2. Click the Trigger tab.
  3. Click Create New to display the Create New Automation Trigger configuration page.
  4. Under the Miscellaneous section, click FortiADC Log to display the configuration editor.

    You can view the last 4 digits of the log ID by hovering over the event entry in the Log Event list.
  5. Configure the following trigger alert settings:

    Setting

    Description

    NameEnter a name for the new FortiADC Log trigger alert. The configuration name cannot be edited once it has been saved.
    DescriptionOptionally, you can add a description about this trigger alert configuration.
    Event

    Select the FortiADC Log event (identified through the log ID) that will trigger the automation stitch.

    The Event options correspond to the Message listed in the FortiADC event log. Hover over an entry to view the tooltip that includes the Log Event and Log ID. The Log ID refers to the last 4 digits of the Log ID from the event log.

    The maximum is 32 log events per trigger configuration.

    Field Filters

    Enter the Field name and the Value of the logged event that will trigger the automation stitch.
    The Field name and Value refers to the "key" and its value as it is recorded in the log file. To successfully trigger an automation stitch using the FortiADC Log trigger alert, the field name and value must match what is recorded in the log file exactly.

    • Field name — Enter the field name as it appears exactly in the log file.

    • Value — Specify the value of the specified field name as it appears exactly in the log file.

  6. Click OK.
Example: Create a FortiADC Log trigger alert for failed logins

In this example, you will create a FortiADC Log alert to trigger when a login fails due to incorrect password input.

  1. Download the required event log file to obtain the specific information to use in the FortiADC Log trigger configuration.
    1. Go to Log & Report > Event Log.
    2. Locate the "Admin login" event log.
    3. Download the log file.
  2. Open the log file to obtain the required information.
    date=2023-12-13 time=10:28:41 log_id=0001001000 type=event subtype=admin pri=information vd=root msg_id=32713167 user=admin ui=172.19.162.70 action=login status=failure reason=passwd_invalid logdesc=Admin login msg=User admin login successfully from 172.19.162.70

    Copy the log id and reason fields and their values to use in later steps.

  3. Go to Security Fabric > Automation, click the Trigger tab and Create New.
  4. Click FortiADC Log to configure a new FortiADC Log automation trigger using the event log information collected earlier.

    1. Select the Event as Log id admin login. The last 4 digits of the "log id" from the log file should match the "Log ID" of the selected log event entry.
    2. Enter the Field name as reason and Value as passwd_invalid.
    3. Click OK.
Predefined automation trigger events

Trigger

Events

Security Events

Bot Detected

Brute Force Detected

CORS Violate Detected

CSRF Violate Detected

Data Leak Violate Detected

DDoS HTTP Access Limit

DDoS HTTP Connection Flood

DDoS HTTP Request Flood

DDoS IP Fragmentation

DDoS SYNFLOOD attack start

DDoS SYNFLOOD attack stop

DDoS TCP Access Flood

DDoS TCP Slow Data Attack

Generic Attack Detected

Geo Violate Detected

HTML Validation Detected

JSON Violate Detected

OPENAPI Violate Detected

Protocol Constraint Detected

Reputation Violate Detected

Request Blocked

SEC Biometrics Base Detected

SEC Threshold Violate Detected

SOAP Violate Detected

SQL Injection Attack Detected

URL Pattern Violate Detected

Virtual Server Authentication Fail

Web Anti Defacement Detected

XML Violate Detected

XSS Attack Detected

HA Failover

HA Master Failover

HA Peer Lost

System Events

Admin user login failed and blocked IP

ARP Conflict

Bad Device Fan

Bad PSU Fan

Certification Expire

Config Create

Config Delete

Config Update

CRL Expires

Device Rebooted

Device Upgrade Completed

FW SNAT Port Exhausted

Gateway HC Down

Gateway HC Up

Gateway Inbound Bandwidth

Gateway Inbound Spillover

Gateway Outbound Bandwidth

Gateway Outbound Spillover

Gateway Total Spillover

GLB GW Available

GLB GW Not Available

GLB Real Server Available

GLB Real Server Not Available

GLB Virtual Server Available

GLB Virtual Server Not Available

Good Device Fan

Good PSU Fan

High CPU Temp

High CPU Usage

High Device Temp

High Disk Usage

High Memory Usage

High Power Supply

High PSU Temp

High PSU Voltage

High Voltage

Link Group HC Down

Link Group HC Up

Log Full

Logical Interface Disabled

Logical Interface Down

Logical Interface Up

Lost Log Disk

Low Power Supply

Low PSU Voltage

Low Voltage

Normal CPU Temp

Normal Device Temp

Normal PSU Temp

OCSP Response Expires

PSU Failure

Real Server Connection Limit Start

Real Server Connection Limit Stop

Real Server Connection Rate Start

Real Server Connection Rate Stop

Real Server Disabled

Real Server Enabled

Real Server HC Down

Real Server HC Up

Real Server Maintain Mode

Slow Device Fan

Slow PSU Fan

SSD MWI Near Threshold

SSD MWI Reached Threshold

SSL Certificate Revoked

User Login

User Logout

Virtual Server Connection Limit Start

Virtual Server Connection Limit Stop

Virtual Server Connection Rate Start

Virtual Server Connection Rate Stop

Virtual Server Disabled

Virtual Server Down

Virtual Server Enabled

Virtual Server IP Pool Limit

Virtual Server Maintain Mode

Virtual Server Transaction Rate Start

Virtual Server Transaction Rate Stop

Virtual Server Up