Add or modify alarm mapping
- Select Logs > Events & Alarms > Mappings.
- Click Add or double-click on an existing mapping to modify it.
- Refer to the table below for detailed information about each field.
- The new mapping is enabled by default. If you wish to disable it, remove the check mark from the Enabled check box.
- In the Apply To section, select the element affected by this mapping. You can apply mappings to all elements, a single group of elements, or specific elements. Available selections vary depending upon the selected trigger event.
- Click the box and select an element from the drop-down list.
- If you choose to Apply To a Group, you can select a group from the list or use the icons next to the group field to add a new group or modify the group shown in the drop-down list. Note that if you modify a group, it is modified for all features that make use of that group. See Add groups for additional information.
- Select the Notify Users settings.
- If you choose to notify users, you can select an admin group from the list or use the icons next to the Group field to add a new group or modify the group shown in the drop-down list. Note that if you modify a group, it is modified for all features that make use of that group. See Add groups for additional information.
- Select the Trigger Rule for the event from the drop-down list. Rules determine when an Event triggers the creation of an Alarm.
- If you enable the Action option, select the action to take when the event occurs and the alarm is asserted. These are basic actions that FortiNAC executes on a given alarm.
- Action parameters display. Select the Primary Task from the drop-down list.
- For some actions there is a secondary task. If desired, click the Enable box in the Run Secondary Task section, select Min, Hr, or Day and enter the corresponding value.
- Click OK. The new mapping is saved and appears in the Event/Alarm Map View.
Settings
Field | Definition |
---|---|
Alarm definition | |
Enabled | If checked, the alarm mapping is enabled. Default = Enabled. |
Trigger Event | Event that causes the alarm. Whenever this event occurs, its associated alarm is generated. The alarm is automatically listed when you select the event. |
Alarm to Assert | The alarm generated when the event occurs. |
Severity | Sets the severity of the alarm. Select one of the values from the drop-down list: Critical, Informational, Minor, and Warning. This value may be changed for existing Alarm and Event mappings. |
Clear on Event | To automatically clear the alarm when a specific event occurs, select this check box. Select the event that, when generated, causes this alarm to be removed. If you leave the check box unchecked, you must manually clear the alarm. Default = Unchecked (Disabled). |
Send Alarm to External Log Hosts | To send the alarm to an external log host when the trigger event occurs, select this check box. See Log receivers for details on configuring an external log host. Default = Unchecked (Disabled). |
Send Alarm to Custom Script | You can specify a particular command line script to be executed when this alarm is triggered. These command line scripts are for advanced use, such as administrator-created Perl scripts. First, write the script that is to be used as the alarm action. Store the script in this directory: If there are no scripts in the directory, this field is not available. Click the check box to enable the option and select the correct script from the drop-down list. The arguments that are automatically passed to the script are as follows: |
Apply To | |
Notify users | |
Notify | If checked, the administrators in the selected group are notified when an alarm occurs. |
Send Email | If checked, the administrators in the selected group are sent an email when the alarm occurs. Administrators must have an email address configured in the Modify User dialog to receive this email. |
Send SMS | If checked, the administrators in the selected group are sent an SMS message when an alarm occurs. Administrators must have a Mobile Number and Mobile Provider configured to receive this SMS message. |
Trigger rules | |
One Event to One Alarm | Every occurrence of the event generates a unique alarm. |
All Events to One Alarm | The first occurrence of the event generates a unique alarm. Each subsequent occurrence of the event does not generate an alarm, as long as the alarm persists when subsequent events occur. When the alarm clears, the next occurrence of the event generates another unique alarm. |
Event Frequency | The number of occurrences of the event generated by the same element within a user-specified amount of time determines the generation of a unique alarm. Settings are updated when the Action is configured. Example: Assume the host connected event is mapped to an alarm and the frequency is set to 3 times in 10 minutes. |
Event Lifetime | The duration of an alarm event without a clearing event within a specified time determines the generation of a unique alarm. Example: Event A occurs. If Event B (clear event) does not occur within the specified time, an alarm is generated. |
Actions | |
Action | If checked, the selected action is taken when the alarm mapping is active and the alarm is asserted. |
Host Access Action | Host is disabled and then re-enabled after the specified time has passed. |
Host Role | The host's role is changed and then set back to the original role after the specified time has passed. Roles are attributes of the host and are used as filters in user/host profiles. Those profiles determine which network access policy, endpoint compliance policy or Supplicant EasyConnect Policy to apply. If roles are based on a user's attribute from your LDAP or Active Directory, this role change is reversed the next time the directory and the FortiNAC database resynchronize. |
Host Security Action | Host is set At Risk and then set to Safe after the specified time has passed. |
Command Line Script | You can specify a particular command line script to be executed as an alarm action. These command line scripts are for advanced use, such as administrator-created Perl scripts. First, write the script that is to be used as the alarm action. Store the script in this directory: The IP and MAC address arguments that are automatically passed to the script are in the format shown in this example: |
Email User Action | An email is sent to the user associated with the host. The text of the email is entered in the Email Host Action dialog box. HTML tags may be added to text within the content of the email in order to format the text, convert the text to a link, etc. For example, you can add the <b> and </b> tags to text in the Email message window to bold the selected text in the recipient's email message. |
SMS User Action | An SMS Message is sent to the user associated with the host. The text of the message is entered in the SMS User Action dialog box. The recipient must have a Mobile Number and Mobile Provider configured. |
%host% | Allows you to include information specific to the non-compliant host in the email or SMS alert message. For example, this message: The system referenced below has been found at risk. Please contact your Help Desk for assistance in remediating this issue. %host% is displayed as: The system referenced below has been found at risk. Please contact your Help Desk for assistance in remediating this issue: Host: Host Name: TestUser-MacBook-Pro-2 OS: macOS 10.7.5 Network Adapters: Connected 3C:07:54:2A:88:6F,192.168.10.143,Concord-3750 Fa3/0/46 Disconnected 60:C5:47:8F:B1:66,192.168.4.70,Concord_Cisco_1131.example.com VLAN 4 |
%event% | Allows you to include information specific to the event in the email or SMS alert message. For example, this message: is displayed as: |
Port State Action | The port is disabled and then re-enabled after the specified time has passed. |
Send Message to | Send a text message to the desktop of one or more hosts with the Persistent Agent or Mobile Agent installed. |
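
The four trigger rules described in the table produce very different alarm volumes from the same events, which matters when an alarm drives an action such as Host Access Action or Port State Action. The following simulation is an added example, not FortiNAC code: the rule names, the per-element alarm state, the sliding window that restarts after an alarm, and the event data are all assumptions made for illustration.

```python
from collections import defaultdict, deque

RULES = ("one_to_one", "all_to_one", "frequency", "lifetime")  # hypothetical names

def simulate(rule, stream, count=3, window=600, lifetime=300):
    """Alarms [(time, element)] raised for a time-ordered stream of
    (seconds, element, kind) tuples; kind is "trigger" or "clear"."""
    alarms, active, pending = [], set(), {}
    recent = defaultdict(deque)          # element -> recent trigger times
    for t, elem, kind in stream:
        if kind == "clear":              # the mapping's Clear on Event
            active.discard(elem)
            start = pending.pop(elem, None)
            if start is not None and t - start > lifetime:
                alarms.append((start + lifetime, elem))  # cleared too late
        elif rule == "one_to_one":       # every occurrence raises an alarm
            alarms.append((t, elem))
        elif rule == "all_to_one":       # suppressed while the alarm persists
            if elem not in active:
                active.add(elem)
                alarms.append((t, elem))
        elif rule == "frequency":        # count events from the same element
            times = recent[elem]
            times.append(t)
            while t - times[0] >= window:
                times.popleft()          # drop events older than the window
            if len(times) >= count:
                alarms.append((t, elem))
                times.clear()            # assumption: counter restarts
        elif rule == "lifetime":         # timer starts at the first trigger
            pending.setdefault(elem, t)
    # Assumption: the stream has ended and no further clear event arrives.
    alarms += [(start + lifetime, elem) for elem, start in pending.items()]
    return sorted(alarms)

# Constructed sample events (seconds, element, kind); not FortiNAC output.
SAMPLE = [(0, "host-A", "trigger"), (120, "host-A", "trigger"),
          (200, "host-B", "trigger"), (240, "host-A", "trigger"),
          (400, "host-A", "clear"), (900, "host-A", "trigger")]

def alarm_counts(stream=SAMPLE):
    return {rule: len(simulate(rule, stream)) for rule in RULES}

if __name__ == "__main__":
    for rule in RULES:
        print(rule, simulate(rule, SAMPLE))
```
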