Create New Handler pane
Following is a description of the options available in the Create New Handler pane:
| Field | Description |
|---|---|
| Status | Enable or disable the event handler. |
| Name | Add a name for the handler. |
| Description | Type a description of the event handler. |
| Devices | Select the devices to include. |
| Filters | Configure one or more filters for the handler. You can add multiple filters, each with its own set of filter settings. |
| Log Type | Select the log type from the dropdown list. When Devices is set to Local Device, you cannot change the Log Type or Log Subtype. |
| Log Subtype | Select the category of event that this handler monitors. The available options depend on the platform type. This option is only available when Log Type is set to Event Log or Traffic Log. |
| Group By | Select how to group the events. Some Group By selections allow a secondary Group By option. If available, click Add beside the Group By field to add a secondary Group By option. |
| Logs match | Select All or Any of the following conditions. |
| Log Field | Select a log field to filter from the dropdown list. The available options depend on the selected log type. |
| Match Criteria | Select the match criteria from the dropdown list. The available options depend on the selected log field. |
| Value | Either select a value from the dropdown list or enter a value in the text box. The available options depend on the selected log field. |
| Add | Add a Log Field to the filter. |
| Remove | Delete the filter. |
| Generic Text Filter | Enter a generic text filter. For more information on creating a generic text filter, see Creating custom event handlers using the Generic Text Filter. For information on the text format, hover the cursor over the help icon. The operator |
| Generate alert when at least n matches occurred over a period of n minutes | Enter threshold values to generate alerts: the number of matching events that must occur within the given number of minutes for an alert to be generated. |
| Event Message | If you wish, enter a custom event message. The default message is the Group By value. |
| Event Status | Select Allow FortiAnalyzer to choose, or select a status from the dropdown list: Unhandled, Mitigated, Contained, or (Blank). |
| Event Severity | Select the severity from the dropdown list: Critical, High, Medium, or Low. |
| Tags | If you wish, enter custom tags. |
| Notifications | Configure alerts for the handler. |
| Send Alert Email | Send an alert by email. Specify email parameters, including the mail server. For more information, see Mail Server. |
| Send SNMP(...) Trap | Select one or both checkboxes and specify an SNMP community or user from the dropdown list. Click the add icon to create a new SNMP community or user. For more information, see SNMP. |
| Send Alert to Syslog Server | Send an alert to the syslog server. Select a syslog server from the dropdown list. Click the add icon to create a new syslog server. For more information, see Syslog Server. |
| Send Each Alert Separately | Select to send each alert individually instead of in a group. |
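The Logs match (All/Any), Group By, Event Message and "at least n matches over a period of n minutes" rows together define how a handler turns raw logs into alerts. The following is an added worked example modelling those semantics in Python; it is illustration code, not FortiAnalyzer's implementation, and the log field names (`srcip`, `action`, `dstport`), the match-criteria names and the sample logs are all constructed assumptions.

```python
"""Toy model of event-handler filter, grouping and threshold semantics as
described in the Create New Handler pane. Added example, not FortiAnalyzer
code; field names, criteria names and sample data are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Match criteria assumed for illustration; the real dropdown depends on the log field.
CRITERIA = {
    "equal": lambda actual, expected: str(actual) == str(expected),
    "not equal": lambda actual, expected: str(actual) != str(expected),
    "contain": lambda actual, expected: str(expected) in str(actual),
}


def condition_matches(log, field, criteria, value):
    """One Log Field / Match Criteria / Value row; a missing field never matches."""
    if field not in log:
        return False
    return CRITERIA[criteria](log[field], value)


def filter_matches(log, flt):
    """One filter: the log type must match, then conditions combine by All or Any."""
    if log.get("type") != flt["log_type"]:
        return False
    results = [condition_matches(log, *cond) for cond in flt["conditions"]]
    if not results:          # a filter with no conditions matches every log of its type
        return True
    return all(results) if flt["logs_match"] == "all" else any(results)


def evaluate_handler(handler, logs):
    """Return one alert per Group By value whose matching logs reach `min_matches`
    within any sliding window of `window_minutes` (the threshold row)."""
    matches = defaultdict(list)
    for log in sorted(logs, key=lambda entry: entry["time"]):
        if any(filter_matches(log, flt) for flt in handler["filters"]):
            matches[log.get(handler["group_by"], "")].append(log["time"])
    window = timedelta(minutes=handler["window_minutes"])
    alerts = []
    for key, times in matches.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:   # slide window forward
                start += 1
            if end - start + 1 >= handler["min_matches"]:
                alerts.append({
                    "group": key,
                    # Event Message defaults to the Group By value when left blank
                    "message": handler.get("event_message") or key,
                    "severity": handler["severity"],
                    "count": end - start + 1,
                })
                break   # one grouped alert per key (Send Each Alert Separately off)
    return alerts


T0 = datetime(2024, 1, 1, 12, 0)   # constructed base timestamp
SAMPLE_LOGS = [   # constructed sample logs, not real FortiAnalyzer records
    {"time": T0, "type": "traffic", "srcip": "10.0.0.5", "action": "deny", "dstport": 22},
    {"time": T0 + timedelta(minutes=1), "type": "traffic", "srcip": "10.0.0.5", "action": "deny", "dstport": 22},
    {"time": T0 + timedelta(minutes=2), "type": "traffic", "srcip": "10.0.0.5", "action": "deny", "dstport": 3389},
    {"time": T0 + timedelta(minutes=3), "type": "traffic", "srcip": "10.0.0.9", "action": "deny", "dstport": 22},
    {"time": T0 + timedelta(minutes=20), "type": "traffic", "srcip": "10.0.0.9", "action": "deny", "dstport": 22},
    {"time": T0 + timedelta(minutes=21), "type": "event", "srcip": "10.0.0.5", "action": "deny", "dstport": 22},
]

# Constructed handler: two filters (denied SSH, denied RDP), grouped by source IP,
# alert on at least 3 matches within 5 minutes.
DENIED_ADMIN_PORTS = {
    "filters": [
        {"log_type": "traffic", "logs_match": "all",
         "conditions": [("action", "equal", "deny"), ("dstport", "equal", "22")]},
        {"log_type": "traffic", "logs_match": "all",
         "conditions": [("action", "equal", "deny"), ("dstport", "equal", "3389")]},
    ],
    "group_by": "srcip",
    "min_matches": 3,
    "window_minutes": 5,
    "event_message": "",
    "severity": "High",
}

if __name__ == "__main__":
    for alert in evaluate_handler(DENIED_ADMIN_PORTS, SAMPLE_LOGS):
        print(alert)
```

Run as-is, the handler raises a single High alert for `10.0.0.5` (three matching denies inside the window; the event-log entry is excluded by the filter's log type), while `10.0.0.9` stays silent because its two denies are 17 minutes apart. Switching a filter's `logs_match` to `"any"` shows how the Any option widens matching to any single condition.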