Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiManager 5.6.9 CLI Reference
    5.6.9
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.8
    5.6.7
    5.6.7
    5.6.6
    5.6.6
    5.6.5
    5.6.5
    5.6.4
    5.6.4
    5.6.3
    5.6.3
    5.6.2
    5.6.2
    5.6.1
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.6
    5.4.5
    5.4.5
    5.4.4
    5.4.4
    5.4.3
    5.4.3
    5.4.2
    5.4.2
    5.4.1
    5.4.1
    5.4.0
    5.4.0
    5.2.10
    5.2.9
    5.2.9
    5.2.7
    5.2.7
    5.2.6
    5.2.6
    5.2.4
    5.2.4
    5.2.3
    5.2.3
    5.2.2
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.12
    5.0.11
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.0
    4.0.0

    alert-event

    alert-event

    Use alert-event commands to configure the FortiManager unit to monitor logs for log messages with certain severity levels, or information within the logs. If the message appears in the logs, the FortiManager unit sends an email or SNMP trap to a predefined recipient(s) of the log message encountered. Alert event messages provide immediate notification of issues occurring on the FortiManager unit.

    When configuring an alert email, you must configure at least one DNS server. The FortiGate unit uses the SMTP server name to connect to the mail server and must look up this name on your DNS server.

    alert-event was removed from the GUI in FortiManager version 5.0.3. This command has been kept in the CLI for customers who previously configured this function.

    Syntax

    config system alert-event

    edit <name_string>

    config alert-destination

    edit destination_id <integer>

    set type {mail | snmp | syslog}

    set from <email_address>

    set to <email_address>

    set smtp-name <server_name>

    set snmp-name <server_name>

    set syslog-name <server_name>

    end

    set enable-generic-text {enable | disable}

    set enable-severity-filter {enable | disable}

    set event-time-period {0.5 | 1 | 3 | 6 | 12 | 24 | 72 | 168}

    set generic-text <string>

    set num-events {1 | 5 | 10 | 50 | 100}

    set severity-filter {high | low | medium | medium-high | medium-low}

    set severity-level-comp {>= | = | <=}

    set severity-level-logs {no-check | information | notify | warning |error | critical | alert | emergency}

    end

    Variable

    Description

    <name_string>

    Enter a name for the alert event. Character limit: 63

    destination_id <integer>

    Enter the table sequence number, beginning at 1.

    type {mail | snmp | syslog}

    Select the alert event message method of delivery. The following options are available:

    • mail: Send email alert (default).
    • snmp: Send SNMP trap.
    • syslog: Send syslog message.

    from <email_address>

    Enter the email address of the sender of the message. This is available when the type is set to mail.

    to <email_address>

    Enter the recipient of the alert message. This is available when the type is set to mail.

    smtp-name <server_name>

    Enter the name of the mail server. This is available when the type is set to mail.

    snmp-name <server_name>

    Enter the snmp server name. This is available when the type is set to snmp.

    syslog-name <server_name>

    Enter the syslog server name or IPv4 address. This is available when the type is set to syslog.

    enable-generic-text {enable | disable}

    Enable the text alert option. Default: disable

    enable-severity-filter {enable | disable}

    Enable the severity filter option. Default: disable

    event-time-period {0.5 | 1 | 3 | 6 | 12 | 24 | 72 | 168}

    The period of time in hours during which if the threshold number is exceeded, the event will be reported. The following options are available:

    • 0.5: 30 minutes.
    • 1: 1 hour.
    • 3: 3 hours.
    • 6: 6 hours.
    • 12: 12 hours.
    • 24: 1 day.
    • 72: 3 days.
    • 168: 1 week.

    generic-text <string>

    Enter the text the alert looks for in the log messages. Character limit: 255

    num-events {1 | 5 | 10 | 50 | 100}

    Set the number of events that must occur in the given interval before it is reported.

    severity-filter {high | low | medium | medium-high | medium-low}

    Set the alert severity indicator for the alert message the FortiManager unit sends to the recipient. The following options are available:

    • high: High level alert.
    • low: Low level alert.
    • medium: Medium level alert.
    • medium-high: Medium-high level alert.
    • medium-low: Medium-low level alert.

    severity-level-comp {>= | = | <=}

    Set the severity level in relation to the log level. Log messages are monitored based on the log level. For example, alerts may be monitored if the messages are greater than, and equal to (>=) the Warning log level.

    severity-level-logs {no-check | information | notify | warning |error | critical | alert | emergency}

    Set the log level the FortiManager looks for when monitoring for alert messages. The following options are available:

    • no-check: Do not check severity level for this log type.
    • emergency: The unit is unusable.
    • alert: Immediate action is required.
    • critical: Functionality is affected.
    • error: Functionality is probably affected.
    • warning: Functionality might be affected.
    • notification: Information about normal events.
    • information: General information about unit operations.

    Example

    In the following example, the alert message is set to send an email to the administrator when 5 warning log messages appear over the span of three hours.

    config system alert-event

    edit warning

    config alert-destination

    edit 1

    set type mail

    set from fmgr@exmample.com

    set to admin@example.com

    set smtp-name mail.example.com

    end

    set enable-severity-filter enable

    set event-time-period 3

    set severity-level-log warning

    set severity-level-comp =

    set severity-filter medium

    end

    Previous
    Next

    alert-event

    alert-event

    Use alert-event commands to configure the FortiManager unit to monitor logs for log messages with certain severity levels, or information within the logs. If the message appears in the logs, the FortiManager unit sends an email or SNMP trap to a predefined recipient(s) of the log message encountered. Alert event messages provide immediate notification of issues occurring on the FortiManager unit.

    When configuring an alert email, you must configure at least one DNS server. The FortiGate unit uses the SMTP server name to connect to the mail server and must look up this name on your DNS server.

    alert-event was removed from the GUI in FortiManager version 5.0.3. This command has been kept in the CLI for customers who previously configured this function.

    Syntax

    config system alert-event

    edit <name_string>

    config alert-destination

    edit destination_id <integer>

    set type {mail | snmp | syslog}

    set from <email_address>

    set to <email_address>

    set smtp-name <server_name>

    set snmp-name <server_name>

    set syslog-name <server_name>

    end

    set enable-generic-text {enable | disable}

    set enable-severity-filter {enable | disable}

    set event-time-period {0.5 | 1 | 3 | 6 | 12 | 24 | 72 | 168}

    set generic-text <string>

    set num-events {1 | 5 | 10 | 50 | 100}

    set severity-filter {high | low | medium | medium-high | medium-low}

    set severity-level-comp {>= | = | <=}

    set severity-level-logs {no-check | information | notify | warning |error | critical | alert | emergency}

    end

    Variable

    Description

    <name_string>

    Enter a name for the alert event. Character limit: 63

    destination_id <integer>

    Enter the table sequence number, beginning at 1.

    type {mail | snmp | syslog}

    Select the alert event message method of delivery. The following options are available:

    • mail: Send email alert (default).
    • snmp: Send SNMP trap.
    • syslog: Send syslog message.

    from <email_address>

    Enter the email address of the sender of the message. This is available when the type is set to mail.

    to <email_address>

    Enter the recipient of the alert message. This is available when the type is set to mail.

    smtp-name <server_name>

    Enter the name of the mail server. This is available when the type is set to mail.

    snmp-name <server_name>

    Enter the snmp server name. This is available when the type is set to snmp.

    syslog-name <server_name>

    Enter the syslog server name or IPv4 address. This is available when the type is set to syslog.

    enable-generic-text {enable | disable}

    Enable the text alert option. Default: disable

    enable-severity-filter {enable | disable}

    Enable the severity filter option. Default: disable

    event-time-period {0.5 | 1 | 3 | 6 | 12 | 24 | 72 | 168}

    The period of time in hours during which if the threshold number is exceeded, the event will be reported. The following options are available:

    • 0.5: 30 minutes.
    • 1: 1 hour.
    • 3: 3 hours.
    • 6: 6 hours.
    • 12: 12 hours.
    • 24: 1 day.
    • 72: 3 days.
    • 168: 1 week.

    generic-text <string>

    Enter the text the alert looks for in the log messages. Character limit: 255

    num-events {1 | 5 | 10 | 50 | 100}

    Set the number of events that must occur in the given interval before it is reported.

    severity-filter {high | low | medium | medium-high | medium-low}

    Set the alert severity indicator for the alert message the FortiManager unit sends to the recipient. The following options are available:

    • high: High level alert.
    • low: Low level alert.
    • medium: Medium level alert.
    • medium-high: Medium-high level alert.
    • medium-low: Medium-low level alert.

    severity-level-comp {>= | = | <=}

    Set the severity level in relation to the log level. Log messages are monitored based on the log level. For example, alerts may be monitored if the messages are greater than, and equal to (>=) the Warning log level.

    severity-level-logs {no-check | information | notify | warning |error | critical | alert | emergency}

    Set the log level the FortiManager looks for when monitoring for alert messages. The following options are available:

    • no-check: Do not check severity level for this log type.
    • emergency: The unit is unusable.
    • alert: Immediate action is required.
    • critical: Functionality is affected.
    • error: Functionality is probably affected.
    • warning: Functionality might be affected.
    • notification: Information about normal events.
    • information: General information about unit operations.

    Example

    In the following example, the alert message is set to send an email to the administrator when 5 warning log messages appear over the span of three hours.

    config system alert-event

    edit warning

    config alert-destination

    edit 1

    set type mail

    set from fmgr@exmample.com

    set to admin@example.com

    set smtp-name mail.example.com

    end

    set enable-severity-filter enable

    set event-time-period 3

    set severity-level-log warning

    set severity-level-comp =

    set severity-filter medium

    end

    Previous
    Next