FortiOS Event Log trigger
You can configure a FortiOS Event Log trigger for when a specific event log ID occurs. You can select multiple event log IDs, and apply log field filters.
To configure a FortiOS Event Log trigger in the GUI:
- Go to Security Fabric > Automation and click Create New.
- Enter the stitch name and description.
- Configure the trigger:
  - Click Add Trigger.
  - Click Create and select FortiOS Event Log.
  - Enter a name and description.
  - In the Event field, click the + to select multiple event log IDs.
  - In the Field filter(s) field, click the + to add multiple field filters. The configured filters must match in order for the stitch to be triggered.
  - Click OK.
  - Select the trigger in the list and click Apply.
- Configure the rest of the stitch as needed.
To configure a FortiOS Event Log trigger in the CLI:
    config system automation-trigger
        edit "event_login_logout"
            set description "trigger for login logout event"
            set event-type event-log
            set logid 32001 32003
            config fields
                edit 1
                    set name "user"
                    set value "csf"
                next
                edit 2
                    set name "ip"
                    set value "10.6.30.254"
                next
            end
        next
    end
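
Added example, not from the original page or from Fortinet: a Python check that applies the trigger above (log IDs 32001 and 32003, field filters user and ip) to exported log lines to see which ones would fire the stitch. The log lines are constructed, and three points are assumptions: any one selected log ID is enough, filters compare by exact string equality, and the last six digits of a 10-digit logid are the ID given to set logid.

```python
import shlex

# Trigger values copied from the CLI example on this page.
TRIGGER_LOGIDS = {32001, 32003}
TRIGGER_FIELDS = {"user": "csf", "ip": "10.6.30.254"}

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:00:00 logid="0100032001" user="csf" ip=10.6.30.254 msg="constructed login"',
    'date=2024-05-01 time=10:05:00 logid="0100032003" user="csf" ip=10.6.30.254 msg="constructed logout"',
    'date=2024-05-01 time=10:06:00 logid="0100032001" user="admin" ip=10.6.30.254 msg="constructed login"',
    'date=2024-05-01 time=10:07:00 logid="0100032001" user="csf" ip=10.6.30.1 msg="constructed login"',
    'date=2024-05-01 time=10:08:00 logid="0100032002" user="csf" ip=10.6.30.254 msg="other event"',
]

def parse_log(line):
    """Split a key=value log line into a dict; shlex keeps quoted values whole."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote: treat the line as unparseable
        return {}
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def would_trigger(line, logids=TRIGGER_LOGIDS, filters=TRIGGER_FIELDS):
    """True when the line's log ID is selected AND every field filter matches."""
    log = parse_log(line)
    raw_id = log.get("logid", "")
    if not raw_id.isdigit():
        return False
    # Assumption: a 10-digit logid carries the message ID in its last six digits.
    if int(raw_id[-6:]) not in logids:
        return False
    # Assumption: a filter matches on exact string equality with the field value.
    return all(log.get(name) == value for name, value in filters.items())

def evaluate(lines):
    """Return one True/False per log line, in input order."""
    return [would_trigger(line) for line in lines]

if __name__ == "__main__":
    for line, hit in zip(SAMPLE_LOGS, evaluate(SAMPLE_LOGS)):
        print("TRIGGER" if hit else "skip   ", line)
```

Lines 3 and 4 of the sample show why a stitch can stay silent even though the log ID matches: a single non-matching field filter is enough to suppress it.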