Technical Tip: How to include IPS option in the log type for FortiProxy

By default when it is necessary to create an Event Handler for FortiProxy to trigger the IPS event log, there is no option available from GUI.

Hence, it is necessary to edit it from the JSON file.

1. Go to the Event handler created -> Select export (in the text file).
   
   

2. Open the JSON file and search under Rule -> 'logtype' -> Change to 'IPS'.
   
   

   

    

    

3. After changing the 'log type' value, save it and import it again to FortiAnalyzer.

   When importing the file, ensure to choose 'rename' and select ok.

    

   

    

4. Go to the files renamed, change the 'Group by' value to IPS and logs match as IPS.

    

   

    

    

5. Test send dummy log from FortiProxy to FortiAnalyzer (diag log test).
   
   

   

    

6. After sending the dummy log to FortiAnalyzer, check the event handler trigger at the event monitor, and select 'All events'.