Configure Email Alerts

You can configure email alerts for System, Config, HIP Match, Correlation, Threat, WildFire Submission, and Traffic logs.
  1. Create an Email server profile.
    You can use separate profiles to send email notifications for each log type to a different server. To increase availability, define multiple servers (up to four) in a single profile.
    1. Select DeviceServer ProfilesEmail.
    2. Click Add and then enter a Name for the profile.
    3. If the firewall has more than one virtual system (vsys), select the Location (vsys or Shared) where this profile is available.
    4. For each Simple Mail Transport Protocol (SMTP) server (email server), click Add and define the following information:
      • Name—Name to identify the SMTP server (1-31 characters). This field is just a label and doesn’t have to be the hostname of an existing email server.
      • Email Display Name—The name to show in the From field of the email.
      • From—The email address from which the firewall sends emails.
      • To—The email address to which the firewall sends emails.
      • Additional Recipient—If you want to send emails to a second account, enter the address here. You can add only one additional recipient. For multiple recipients, add the email address of a distribution list.
      • Email Gateway—The IP address or hostname of the SMTP gateway to use for sending emails.
    5. (Optional) Select the Custom Log Format tab and customize the format of the email messages. For details on how to create custom formats for the various log types, refer to the Common Event Format Configuration Guide.
    6. Click OK to save the Email server profile.
  2. Configure email alerts for Traffic, Threat, and WildFire Submission logs.
    1. See Step Create a Log Forwarding profile.
      1. Select ObjectsLog Forwarding, click Add, and enter a Name to identify the profile.
      2. For each log type and each severity level or WildFire verdict, select the Email server profile and click OK.
    2. See Step Assign the Log Forwarding profile to policy rules and network zones.
  3. Configure email alerts for System, Config, HIP Match, and Correlation logs.
    1. Select DeviceLog Settings.
    2. For System and Correlation logs, click each Severity level, select the Email server profile, and click OK.
    3. For Config and HIP Match logs, edit the section, select the Email server profile, and click OK.
    4. Click Commit.

Related Documentation