Administration Guide

Alert email

To notify you of serious attack and/or system failure events, you can configure the FortiWeb appliance to generate an alert email.

Alerts appear on the dashboard. FortiWeb will also generate alert email if you configure email settings and include them in a trigger that is used by system resource thresholds and/or traffic policies.

Alert emails are based on events that are also recorded in log messages. If you have received an alert email and want to know more about the events, go to the corresponding log messages. For details about viewing locally stored log messages, see Viewing log messages.

To configure alert email

Configure email settings so that FortiWeb will be able to connect to an SMTP server that will deliver alerts. For details, see Configuring email settings.

If you want to receive email about attacks or policy violations, add the email settings to the trigger that is used by those policies. For details, see Configuring triggers.

If you want to receive email about system resource statuses, configure alert thresholds. For details, see Enabling log types, packet payload retention, & resource shortage alerts.

If you want to receive copies of event log messages via email, configure alert email for event logs. For details, see Configuring alert email for event logs.

Configuring email settings

If you define email settings, FortiWeb can send email to alert specific administrators or other personnel when a serious condition or problem occurs, such as a system failure or network attack. Email settings include the email addresses of the selected recipients and the frequency at which emails are sent to those recipients.

For example, you might configure a signature set to monitor for SQL-injection violations and take specific actions if those types of violations occur. The specific actions can include sending an alert email, in which case the email is sent to the individuals identified in the email settings attached to the trigger used for the SQL injection violation. The trigger could also include recording the violation in Syslog or FortiAnalyzer. For more information on Syslog or FortiAnalyzer settings, see Configuring Syslog settings and Configuring FortiAnalyzer policies.

The alert email settings also enable you to define the interval at which emails are sent if the same alert condition persists following the initial occurrence.

For example, you might configure the FortiWeb appliance to send only one alert message for each 15-minute interval after warning-level log messages begin to be recorded. In that case, if the alert condition continues to occur for 35 minutes after the first warning-level log message, the FortiWeb appliance would send a total of three alert email messages, no matter how many warning-level log messages were recorded during that period of time.

For details about the severity levels of log messages, see Log severity levels.
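The interval example above, worked through as a small model. This is an added illustration, not FortiWeb's own code: the names `EmailPolicy`, `alert_send_times` and `summarize` are hypothetical, and the severity ordering and the rule that the first qualifying record sends immediately are assumptions.

```python
from dataclasses import dataclass

# Assumption: syslog-style ordering, lower number = more severe. The page
# refers to "Log severity levels" but does not list them.
SEVERITY = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
            "warning": 4, "notification": 5, "information": 6, "debug": 7}


@dataclass
class EmailPolicy:
    """Hypothetical stand-in for the Log Level and Interval settings."""
    log_level: str
    interval_minutes: int


def alert_send_times(events, policy):
    """Return the minute offsets at which an alert email is sent.

    events: iterable of (minute, severity_name) log records.
    The first qualifying record sends at once; later qualifying records are
    suppressed until interval_minutes have passed since the last email.
    """
    threshold = SEVERITY[policy.log_level]
    sent = []
    for minute, level in sorted(events):
        if SEVERITY[level] > threshold:
            continue  # less severe than the Log Level threshold
        if sent and minute - sent[-1] < policy.interval_minutes:
            continue  # inside the current interval: no new email
        sent.append(minute)
    return sent


def summarize(events, policy):
    """Count emails sent versus qualifying records that were suppressed."""
    threshold = SEVERITY[policy.log_level]
    qualifying = sum(1 for _, level in events if SEVERITY[level] <= threshold)
    sent = alert_send_times(events, policy)
    return {"emails": len(sent), "suppressed": qualifying - len(sent)}


# Constructed sample: one warning per minute for 35 minutes after the first,
# interleaved with information-level records that never qualify.
SAMPLE = [(m, "warning") for m in range(36)] + \
         [(m, "information") for m in range(0, 36, 5)]
POLICY = EmailPolicy(log_level="warning", interval_minutes=15)

if __name__ == "__main__":
    print(alert_send_times(SAMPLE, POLICY))
    print(summarize(SAMPLE, POLICY))
```

With the constructed sample, 36 warning-level records collapse into three emails, so the log messages remain the complete record of what happened between alerts.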

To configure email settings

Enable alert email for each log type that you want to generate alert email. For details, see Enabling log types, packet payload retention, & resource shortage alerts.

Go to Log&Report > Log Policy > Email Policy.

To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Log & Report category. For details, see Permissions.

Click Create New.

Configure these settings:

Policy Name

Specify a unique name that can be referenced by other parts of the configuration.

Connection Security

Select one of the following options:

  • None: FortiWeb applies no security protocol to email.
  • STARTTLS: Encrypts the connection to the SMTP server using STARTTLS.
  • SSL/TLS: Encrypts the connection to the SMTP server using SSL/TLS.

SMTP server

Type the fully qualified domain name (FQDN, e.g. mail.example.com) or IP address of the SMTP relay or server, such as a FortiMail appliance, that the FortiWeb appliance uses to send alerts and generated reports.

Caution: If you enter a domain name, you must also configure the FortiWeb appliance with at least one DNS server. Failure to configure a DNS server may cause the FortiWeb appliance to be unable to resolve the domain name, and therefore unable to send the alert. For details about configuring use of a DNS server, see Configuring DNS settings.

SMTP Port

Enter the port on the SMTP server that listens for alerts and generated reports from FortiWeb.

Email From

Type the sender email address, such as FortiWeb@example.com, that the FortiWeb appliance will use when sending alert email messages.

Email To

Type up to three recipient email addresses such as admin@example.com. Enter one per field.

Authentication

Enable if the SMTP relay requires authentication.

SMTP Username

Type the user name of the account on the SMTP relay (e.g. FortiWeb) that FortiWeb uses to send alerts.

This option is available only if Authentication is enabled.

SMTP Password

Type the password of the account on the SMTP relay that FortiWeb uses to send alerts.

This option is available only if Authentication is enabled.

Apply & Test

Click to save the current settings and test the connection to the SMTP server.

Log Level

Select the priority threshold that log messages must meet or exceed in order to cause an alert. For details about log levels, see Log severity levels.

Send email based on interval time

Enable to configure sending email based on interval time.

Interval

Type the number of minutes between each alert if an alert condition of the specified severity level continues to occur after the initial alert.

Enable Email attachments compression

Check to apply compression to the alert email policy. When compression is enabled, event logs and alerts are attached to the emails in ZIP format; otherwise they are attached in TXT format.

Company Name

Customize your alert email by inserting a company name. Enter a company name; the specified name will be displayed at the top of the email content.

Company Logo

Customize your alert email by inserting a company logo. Select a company logo; the specified logo will be displayed at the top of the email content. Only JPG is accepted, and the maximum file size of the logo is 36KB.

Click OK.

Group the email settings in a trigger. For details, see Configuring triggers.

Add the appliance’s sender address to your address book. Depending on your anti-spam software/device, you may also need to adjust other settings to ensure that email from this appliance is not accidentally dropped or tagged as spam.

To verify your settings and connectivity to the email server/relay, click Apply & Test.

Configuring alert email for event logs

You can configure FortiWeb to send an alert email for event log messages.

To configure alert email for event logs

Go to Log&Report > Log Config > Global Log Settings.

To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the Log & Report category. For details, see Permissions.

Configure these settings:

Alert Mail

Enable to generate alert email when log messages are created.

Distribution of alert email is controlled by email policies and trigger actions associated with various types of violations. If this option is enabled, but a trigger action is not selected for a specific type of violation, every occurrence of that violation will result in an alert email to the individuals associated with the policy selected in the Email Policy field.

Note: Alert emails are not sent for traffic logs.

Note: Before enabling this option, verify that log frequency is not too great. If logs are very frequent, enabling this option could decrease performance and cause the FortiWeb appliance to send you many alert email messages.

Email Policy

Select the email settings to use for alert emails. For details, see Configuring email settings.

Click Apply.
