Fortinet Document Library

Version:

7.0.0
6.4.5
6.4.4

Version:

6.4.3
6.4.2
6.4.1

Version:

6.4.0

Table of Contents

Administration Guide

7.0.0
7.0.0
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
Download PDF
Copy Link

FortiOS Event Log trigger

You can configure a FortiOS Event Log trigger for when a specific event log ID occurs. You can select multiple event log IDs, and apply log field filters.

To configure a FortiOS Event Log trigger in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name and description.
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Click Create and select FortiOS Event Log.
    3. Enter a name and description.
    4. In the Event field, click the + to select multiple event log IDs.
    5. In the Field filter(s) field, click the + to add multiple field filters. The configured filters much match in order for the stitch to be triggered.

    6. Click OK.
    7. Select the trigger in the list and click Apply.
  4. Configure the rest of the stitch as needed.
To configure a FortiOS Event Log trigger in the CLI:
config system automation-trigger
    edit "event_login_logout"
        set description "trigger for login logout event"
        set event-type event-log
        set logid 32001 32003
        config fields
            edit 1
                set name "user"
                set value "csf"
            next
            edit 2
                set name "ip"
                set value "10.6.30.254"
            next
        end
    next
end

FortiOS Event Log trigger

You can configure a FortiOS Event Log trigger for when a specific event log ID occurs. You can select multiple event log IDs, and apply log field filters.

To configure a FortiOS Event Log trigger in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name and description.
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Click Create and select FortiOS Event Log.
    3. Enter a name and description.
    4. In the Event field, click the + to select multiple event log IDs.
    5. In the Field filter(s) field, click the + to add multiple field filters. The configured filters much match in order for the stitch to be triggered.

    6. Click OK.
    7. Select the trigger in the list and click Apply.
  4. Configure the rest of the stitch as needed.
To configure a FortiOS Event Log trigger in the CLI:
config system automation-trigger
    edit "event_login_logout"
        set description "trigger for login logout event"
        set event-type event-log
        set logid 32001 32003
        config fields
            edit 1
                set name "user"
                set value "csf"
            next
            edit 2
                set name "ip"
                set value "10.6.30.254"
            next
        end
    next
end