Fortinet black logo

Administration Guide

Creating custom event handlers

Creating custom event handlers

To create a new event handler:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Event Manager > Event Handler List.
  3. In the toolbar, click Create New.

  1. Configure the settings as required and click OK. For a description of the fields, see Create New Handler pane.
  2. Click OK to create the new event handler.

Creating custom event handlers using the Generic Text Filter

Because Generic Text Filter uses regex (regular expression) syntax, you must use an escape character when needed. For example, cfgpath=firewall.policy is the wrong syntax because it's missing an escape character. The correct syntax is cfgpath=firewall\.policy.

To create an event handler using the Generic Text Filter to match raw log data:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Log View, and select a log type.
  3. In the toolbar, click Tools > Display Raw.

    The easiest method is to copy the text string you want from the raw log and paste it into the Generic Text Filter field. Ensure you insert an escape character when necessary, for example, cfgpath=firewall\.policy.

  4. Locate and copy the text in the raw log.
  5. Go to Event Manager > Event Handler List and click Create New.
  6. In the Generic Text Filter box, paste the text you copied or type the text you want. Ensure you use the raw log field names, for example, mem (not memory) and setuprate (not setup-rate).

    For information on text format and operators, hover the cursor over the help icon. The operator ~ means contains and !~ means does not contain.

  7. If you want to be notified of events, configure the Notifications section.
  8. Configure other settings as required and click OK. For a description of the fields, see Create New Handler pane.

Creating custom event handlers

To create a new event handler:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Event Manager > Event Handler List.
  3. In the toolbar, click Create New.

  1. Configure the settings as required and click OK. For a description of the fields, see Create New Handler pane.
  2. Click OK to create the new event handler.

Creating custom event handlers using the Generic Text Filter

Because Generic Text Filter uses regex (regular expression) syntax, you must use an escape character when needed. For example, cfgpath=firewall.policy is the wrong syntax because it's missing an escape character. The correct syntax is cfgpath=firewall\.policy.

To create an event handler using the Generic Text Filter to match raw log data:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Log View, and select a log type.
  3. In the toolbar, click Tools > Display Raw.

    The easiest method is to copy the text string you want from the raw log and paste it into the Generic Text Filter field. Ensure you insert an escape character when necessary, for example, cfgpath=firewall\.policy.

  4. Locate and copy the text in the raw log.
  5. Go to Event Manager > Event Handler List and click Create New.
  6. In the Generic Text Filter box, paste the text you copied or type the text you want. Ensure you use the raw log field names, for example, mem (not memory) and setuprate (not setup-rate).

    For information on text format and operators, hover the cursor over the help icon. The operator ~ means contains and !~ means does not contain.

  7. If you want to be notified of events, configure the Notifications section.
  8. Configure other settings as required and click OK. For a description of the fields, see Create New Handler pane.