Fortinet white logo
Fortinet white logo

Administration Guide

Event handlers

Event handlers

Event handlers determine what events to be generated from logs. Enable an event handler to start generating events. To see which event handlers are enabled or disabled, see Enabling event handlers.

When ADOMs are enabled, each ADOM has its own event handlers and lists of events. Ensure you are in the correct ADOM when working in Event Manager.

You can use predefined event handlers to generate events. There are predefined event handlers for FortiGate and FortiCarrier devices.

You can create custom event handlers. An easy way to create a custom event handler is to clone a predefined event handler and customize its settings. See Cloning event handlers.

Configure event handlers to generate events for all devices, a specific device, or for the local FortiAnalyzer unit. You can create event handlers for FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiWeb, FortiSandbox devices, and syslog servers. In 5.2.0 or later, Event Manager supports local FortiAnalyzer event logs.

To see event handlers, go to Event Manager > Event Monitor > Event Handler List.

Event handlers generate events only from Analytics logs and not Archive logs. For more information, see Archive logs and Analytics logs.

In an Analyzer–Collector collaboration scenario, the Analyzer evaluates event handlers. For more information, see Analyzer–Collector collaboration.

Event handlers

Event handlers

Event handlers determine what events to be generated from logs. Enable an event handler to start generating events. To see which event handlers are enabled or disabled, see Enabling event handlers.

When ADOMs are enabled, each ADOM has its own event handlers and lists of events. Ensure you are in the correct ADOM when working in Event Manager.

You can use predefined event handlers to generate events. There are predefined event handlers for FortiGate and FortiCarrier devices.

You can create custom event handlers. An easy way to create a custom event handler is to clone a predefined event handler and customize its settings. See Cloning event handlers.

Configure event handlers to generate events for all devices, a specific device, or for the local FortiAnalyzer unit. You can create event handlers for FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiWeb, FortiSandbox devices, and syslog servers. In 5.2.0 or later, Event Manager supports local FortiAnalyzer event logs.

To see event handlers, go to Event Manager > Event Monitor > Event Handler List.

Event handlers generate events only from Analytics logs and not Archive logs. For more information, see Archive logs and Analytics logs.

In an Analyzer–Collector collaboration scenario, the Analyzer evaluates event handlers. For more information, see Analyzer–Collector collaboration.