Consolidate Event Handlers for FortiGate System Events
In 6.0, there are several pre-defined event handlers related to FortiGate System Events. To simplify the configuration, these are now grouped into a single event handler with multiple filters.
To view the consolidated FOS event handler:
- In FortiAnalyzer, go to Incidents & Events > Event Handler List.
- The previous pre-defined FortiGate event handlers have been replaced with an updated FortiGate event handler, Default FOS System Events, which includes eight filters:
  - Any log with a severity of warning and error.
  - Any log with a severity of critical and up.
  - Wireless events with a severity below warning.
  - Compliance events with a severity below warning.
  - Maintenance events with a severity below warning.
  - Interface, tunnel, VPN, and connection events with a severity below warning.
  - Authentication events with a severity below warning.
  - Quarantine and automation events with a severity below warning.
Example of FOS event handler consolidation:
- The legacy FOS Event Log Higher Than Warning (top-left in the example below) is now covered by the new Default FOS System Events Filter 1 and Filter 2 (right).
- The legacy Conserve Mode (bottom-left) is now covered by the new Default FOS System Events Filter 2 (right), because the level of the "System entered conserve mode" log is Critical.
Example of an event generated by the new consolidated handler with the log: System entered conserve mode.
Example of an event generated by the legacy Conserve Mode handler with the log: System entered conserve mode.