Logs, Reports, and Alerts

Configuring alert email

The Alert Email submenu lets you configure the FortiMail unit to notify selected users (including administrators) by email when specific types of events occur and are logged. For example, if you require notification about virus detections, you can have the FortiMail unit send an alert email message whenever the FortiMail unit detects a virus.

To set up alerts, you must configure both the alert email recipients (see “Configuring alert recipients” on page 683) and which event categories will trigger an alert email message (see “Configuring alert categories” on page 684).

Alert email messages also require that you supply the FortiMail unit with the IP address of at least one DNS server. The FortiMail unit uses the domain name of the SMTP server to send alert email messages. To resolve this domain name into an IP address, the FortiMail unit must be able to query a DNS server. For information on DNS, see “Configuring DNS” on page 259.

  • Configuring alert recipients
  • Configuring alert categories

Configuring alert recipients

Before the FortiMail unit can send alert email messages, you must create a recipient list.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • Access profile must have Read or Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To configure recipients of alert email messages

  1. Go to Log and Report > Alert Email > Configuration.

Figure 310: Alert email configuration

| GUI item | Description |
|---|---|
| Test (button) | Select one or more email accounts and click Test to verify that alert email is configured correctly. This sends a sample alert email to all selected recipients. |
| Alert Email Account | Displays the names of email accounts receiving email alerts. |

  2. Click New to add the email address of a recipient.

A single-field dialog appears.

Figure 311: Creating an alert

  3. In Email to, enter a recipient email address.
  4. Click Create.
  5. Repeat the previous steps to add more users.

Configuring alert categories

Before the FortiMail unit can send alert email messages, you must specify which events cause the FortiMail unit to send an alert email message to your list of alert email recipients (see “Configuring alert recipients” on page 683).

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • Access profile must have Read or Read-Write permission to the Others category

For details, see “About administrator account permissions and domains” on page 290.

To select events that will trigger an alert email message

  1. Go to Log and Report > Alert Email > Categories.
  2. Select one or more of the following event categories check boxes:

| GUI item | Description |
|---|---|
| Virus incidents | Send an alert email message when the FortiMail unit detects a virus. |
| Critical events | Send an alert email message when an important system event occurs. These include system reboot/reload, firmware upgrade/downgrade, and log disk/mail disk formatting. |
| Disk is full | Send an alert email message when the hard disk of the FortiMail unit is full. |
| Remote archiving/NAS failures | Send an alert email message when the remote archiving feature encounters one or more failures. See “Configuring email archiving accounts” on page 656. |
| HA events | Send an alert email message when any high availability (HA) event occurs. When a FortiMail unit is operating in HA mode, the subject line of the alert email includes the host name of the cluster member. If you have configured a different host name for each member of the cluster, this lets you identify which FortiMail unit in the HA cluster sent the alert email message. For more information, see “About logging, alert email and SNMP in HA” on page 311. |
| Disk quota of an account is exceeded | Send an alert email message when an email user’s account exceeds its quota of hard disk space. This option is available only if the FortiMail unit is in server mode. |
| Dictionary is corrupted | Send an alert email message when a dictionary is corrupt. |
| System quarantine/Email Archive quota is exceeded | Send an alert email message when the system quarantine or any email archiving account reaches its quota of hard disk space. For more information on the system quarantine, see “Configuring the system quarantine administrator account and disk quota” on page 611. For information about email archiving account quota, see “Configuring rotation settings” on page 659. |
| Deferred emails | Send an alert email message if the deferred email queue contains greater than this number of email messages. Enter a number between 1 and 10 000 to define the alert threshold, then enter the interval of time between each alert email message that the FortiMail unit will send while the number of email messages in the deferred email queue remains over this limit. |
| FortiGuard license expiry time | Send an alert email when the FortiGuard license is to expire in the number of days entered. Enter a number between 1 and 100. |
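
To judge how many messages a given Deferred emails threshold and interval would generate, the rule in the table can be modelled over a series of queue-depth readings. This is an added example, not FortiMail code: the function name, the minute-based interval, the assumption that the repeat timer resets once the queue falls back to the limit, and the sample readings are all constructed for illustration.

```python
# Added illustration: a model of the "Deferred emails" alert rule as the table
# describes it. Not FortiMail code; reset-on-recovery and minutes are assumptions.
from typing import Iterable, List, Optional, Tuple

MIN_THRESHOLD, MAX_THRESHOLD = 1, 10_000  # range stated in the table


def deferred_queue_alerts(samples: Iterable[Tuple[int, int]],
                          threshold: int,
                          interval_min: int) -> List[int]:
    """Return the minutes at which an alert email would be sent.

    samples      -- (minute, queue_depth) pairs in time order
    threshold    -- alert when queue_depth is greater than this number
    interval_min -- minutes between alerts while the queue stays over the limit
    """
    if not MIN_THRESHOLD <= threshold <= MAX_THRESHOLD:
        raise ValueError("threshold must be between 1 and 10 000")
    if interval_min <= 0:
        raise ValueError("interval must be a positive number of minutes")

    alerts: List[int] = []
    last_alert: Optional[int] = None  # last alert in the current over-limit episode
    for minute, depth in samples:
        if depth <= threshold:
            last_alert = None  # assumption: recovery ends the episode
            continue
        if last_alert is None or minute - last_alert >= interval_min:
            alerts.append(minute)
            last_alert = minute
    return alerts


# Constructed sample: deferred queue depth read every 5 minutes.
SAMPLE = [(0, 120), (5, 480), (10, 650), (15, 900), (20, 870), (25, 700),
          (30, 610), (35, 450), (40, 300), (45, 520), (50, 540), (55, 200)]

if __name__ == "__main__":
    for interval in (5, 15, 30):
        print(f"interval={interval:>2} min ->",
              deferred_queue_alerts(SAMPLE, 500, interval))
```

With the sample data, a 5-minute interval sends seven messages for two queue backlogs, while a 30-minute interval sends one per backlog.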



4 thoughts on “Logs, Reports, and Alerts”

    1. Mike Post author

      Depends on a wide variety of things. Amount of logs being generated, amount of storage on the device, etc…

  1. Nikesh

    In FortiGate logs, we have the field logid=0315012546, where the last digit of this field, i.e. ‘012546’, is referred to as the message ID, and it helps in understanding the logs in detail.
    Does such a thing apply to the log_id field of FortiMail as well?
