
New Features

Consolidate Event Handlers for FortiGate System Events

In 6.0, there are several pre-defined event handlers related to FortiGate System Events. To simplify the configuration, these are now grouped into a single event handler with multiple filters.

To view the consolidated FOS event handler:
  1. In FortiAnalyzer, go to Incidents & Events > Event Handler List.
  2. The previous pre-defined FortiGate event handlers have been replaced with an updated FortiGate event handler, Default FOS System Events, which includes eight filters:
    • Any log with a severity of warning or error.
    • Any log with a severity of critical and up.
    • Wireless events with a severity below warning.
    • Compliance events with a severity below warning.
    • Maintenance events with a severity below warning.
    • Interface, tunnel, VPN, and connection events with a severity below warning.
    • Authentication events with a severity below warning.
    • Quarantine and automation events with a severity below warning.

    Screenshot of new consolidated FOS event log handler

Example of FOS event handler consolidation:
  • The legacy FOS Event Log Higher Than Warning (top-left in the example below) is now covered by the new Default FOS System Events Filter 1 and Filter 2 (right).
  • The legacy Conserve Mode (bottom-left) is now covered by the new Default FOS System Events Filter 2 (right), because the log generated when the system enters conserve mode has a severity level of Critical.

Screenshot comparison between legacy and new handler

Example of an event generated by the new consolidated handler with the log: System entered conserve mode.

Screenshot of conserve mode by new handler

Example of an event generated by the legacy Conserve Mode handler with the log: System entered conserve mode.

Screenshot of conserve mode by legacy handler
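
The severity logic of Filter 1 and Filter 2, sketched as an added example (not Fortinet's implementation or code from this page) to show why the conserve mode log lands in Filter 2. Assumptions: logs are FortiOS key=value lines with a level= field, the sample lines are constructed, the function names are hypothetical, and Filters 3 to 8 are not modelled because the page gives no match criteria for them beyond category and severity.

```python
import re

# FortiOS log levels (values of the level= field), most severe first.
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notice", "information", "debug"]
RANK = {name: i for i, name in enumerate(LEVELS)}

# key=value pairs; a value is either double-quoted or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_log(line):
    """Parse one key=value FortiGate log line into a dict."""
    return {k: (q if b == "" else b) for k, q, b in PAIR.findall(line)}

def severity_filters(record):
    """Return the severity-based filters (1 and 2) that a log record matches."""
    rank = RANK.get(record.get("level", "").lower())
    if rank is None:                 # missing or unknown level: match nothing
        return []
    matched = []
    if RANK["error"] <= rank <= RANK["warning"]:
        matched.append("Filter 1")   # severity warning and error
    if rank <= RANK["critical"]:
        matched.append("Filter 2")   # severity critical and up
    return matched

# Constructed sample lines (not captured from a real device).
SAMPLE_LOGS = [
    'date=2019-03-20 time=10:15:32 type="event" subtype="system" '
    'level="critical" msg="System entered conserve mode"',
    'date=2019-03-20 time=10:16:01 type="event" subtype="system" '
    'level="warning" msg="Constructed warning-level event"',
    'date=2019-03-20 time=10:16:40 type="event" subtype="vpn" '
    'level="notice" msg="Constructed tunnel event"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        rec = parse_log(line)
        print(rec["level"], "|", rec["msg"], "|", severity_filters(rec))
```

The notice-level line matches neither severity filter; in the consolidated handler, events below warning are picked up only by the category filters.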
