| Description | This article tells you How to configure FAZ Event Notification when log device stops sending log to Fortianalyzer |
| Scope | Fortianalyzer |
| Solution |
1. Configure the elapse time for the FAZ to generate the event:
(setting)# show #config system locallog setting #set log-interval-dev-no-logging 5 #end
#set log-interval-dev-no-logging <integer> interval in minute, the range should be [5-2880] or '0' as disable
2. Check the config has been taken into account on the event system log:
id=7052242772836745216 itime=2022-01-12 10:03:44 euid=1 epid=1 dsteuid=1 dstepid=1 log_id=0001010026 subtype=system type=event level=notice time=10:03:44 date=2022-01-12 user=admin cli_act=0 cmd_from=0 path=system.locallog.setting userfrom=ssh(10.5.63.254) desc=CLI execution info session_id=58747 operation=edit performed_on=ssh(10.5.63.254) changes=path=system.locallog.setting,act=edit,log-interval-dev-no-logging=5(30) devid=FAZ-VM0000085594 dtime=2022-01-12 10:03:44 itime_t=1641978224
3. Check If the warning is received on the system setting event page when a device stops sending log after 5 min:
id=7052245109298954242 itime=2022-01-12 10:12:48 euid=1 epid=1 dsteuid=1 dstepid=1 log_id=0029038009 subtype=logdev type=event level=warning adom=new time=10:12:48 date=2022-01-12 user=system msg=Did not receive any log from device fgt_wifi[FG60EPTK18000036] in last 7 minutes. userfrom=system desc=Device offline logdev_id=FG60EPTK18000036 logdev_name=fgt_wifi logdev_offline_duration=7 logdev_last_logging=1641978299 operation=Device offline changes=Did not receive any log from device. devid=FAZ-VM0000085594 dtime=2022-01-12 10:12:48 itime_t=1641978768
4. Import () attached file event Handler on FAZ root Fabric ADOM
5. Modify the notification email to reflect SMTP alert destination address
6. Check that the email alert is received.
|
