Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSwitch 7.2.2 Administration Guide
    7.2.2
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.11
    6.4.6
    6.4.5
    6.4.3
    6.4.2
    6.4.0
    6.2.5
    6.2.2
    6.2.1
    6.2.0

    Configuring automation stitches

    Configuring automation stitches

    To configure an automation stitch, you specify a trigger and the action that is performed when the trigger occurs and then set the status to enable.

    You can specify one of the following triggers:

    • The configuration changed.

    • There was a warm or cold reboot of the switch.

    • The scheduled time occurred.

    • An event was logged.

      NOTE: When you specify the log ID, the range of values is 1-65535. If you use the full 10-digit entry, the first four digits are truncated.

    Starting in FortiSwitchOS 7.2.2, you can use the following wildcard characters in the set value command for the automation trigger:

    • Use an asterisk to match any character string of any length, including 0-characters long. For example, use set value "*1567*" to match values of 81567 and 156789.

    • Use square brackets to match one of the multiple characters. For example, use set value "[aA]dmin" to match values of admin and Admin.

    Starting in FortiSwitchOS 7.2.2, you can configure multiple fields for the automation trigger when the event-type is event-log and the logid is set. The action is only performed if all conditions are valid (using AND logic). For example, the following automation trigger requires both the log message to include VRRP and the interface to be svi777 before the action is performed.

    config system automation-trigger

    edit "VRRPlogtrigger"

    set event-type event-log

    set logid 102003209

    config fields

    edit 1

    set name "msg"

    set value "*VRRP*"

    next

    edit 2

    set name "interface"

    set value "svi777"

    next

    end

    next

    end

    You can specify one of the following actions:

    • Run a CLI script.

    • Send an email message.

    • Display an alert in the console.

    • Generate an SNMP trap.

    • Send data to a uniform resource identifier (URI), such as an IP address or URL.

    Use the following steps to configure an automation stitch:

    1. config system automation-trigger

      edit <trigger_name>

      set trigger-type {event-based | scheduled}

      set event-type {config-change | event-log | reboot}

      set logid <log_ID>

      set trigger-frequency {daily | hourly | monthly | weekly}

      set trigger-hour <0-23>

      set trigger-minute <0-59>

      set trigger-day <1-31>

      set trigger-weekday <friday | monday | saturday | sunday | thursday | tuesday | wednesday>

      config fields

      edit <entry_ID>

      set name <string>

      set value <string>

      next

      end

      next

      end

    2. Create an automation action.

      config system automation-action

      edit <name>

      set action-type {alert | cli-script | email | snmp-trap | webhook}

      set accprofile <string>

      set email-body <string>

      set email-from <string>

      set email-subject <string>

      set email-to <email_address>

      set headers <request_headers>

      set http-body <request_body>

      set method {delete | get | patch | post | put}

      set minimum-interval <0-2592000>

      set port <1-65535>

      set protocol {http | https}

      set script <string>

      set snmp-trap {cpu-high | mem-low | syslog-full | test-trap}

      set uri <request_API_URI>

      next

      end

    3. Create the automation stitch.

      config system automation-stitch

      edit <name>

      set status {enable | disable}

      set trigger <trigger_name>

      set action <action_name>

      next

      end

    4. Test the automation stitch.

      diagnose automation test <automation-stitch-name> [<log_ID>]

    Examples

    The following example shows how to create an automation stitch that will display an alert in the console every hour.

    config system automation-trigger

    edit testtrigger

    set trigger-type scheduled

    set trigger-frequency hourly

    set trigger-minute 30

    next

    end

    config system automation-action

    edit testaction

    set action-type alert

    set minimum-interval 1200

    next

    end

    config system automation-stitch

    edit teststitch

    set status enable

    set trigger testtrigger

    set action testaction

    next

    end

    diagnose automation test teststitch 0

    In the following example, the specified log identifier (32002) causes the FortiSwitch unit to send the log message to the server.

    config system automation-action

    edit "Send log to server"

    set action-type webhook

    set uri "172.16.200.44"

    set http-body "%%log%%"

    set port 80

    set headers "Header:1st Action"

    next

    end

    config system automation-trigger

    edit "badLogin"

    set event-type event-log

    set logid 32002

    next

    end

    config system automation-stitch

    edit "webhookstitch"

    set trigger "badLogin"

    set action "Send log to server"

    next

    end

    Previous
    Next

    Configuring automation stitches

    Configuring automation stitches

    To configure an automation stitch, you specify a trigger and the action that is performed when the trigger occurs and then set the status to enable.

    You can specify one of the following triggers:

    • The configuration changed.

    • There was a warm or cold reboot of the switch.

    • The scheduled time occurred.

    • An event was logged.

      NOTE: When you specify the log ID, the range of values is 1-65535. If you use the full 10-digit entry, the first four digits are truncated.

    Starting in FortiSwitchOS 7.2.2, you can use the following wildcard characters in the set value command for the automation trigger:

    • Use an asterisk to match any character string of any length, including 0-characters long. For example, use set value "*1567*" to match values of 81567 and 156789.

    • Use square brackets to match one of the multiple characters. For example, use set value "[aA]dmin" to match values of admin and Admin.

    Starting in FortiSwitchOS 7.2.2, you can configure multiple fields for the automation trigger when the event-type is event-log and the logid is set. The action is only performed if all conditions are valid (using AND logic). For example, the following automation trigger requires both the log message to include VRRP and the interface to be svi777 before the action is performed.

    config system automation-trigger

    edit "VRRPlogtrigger"

    set event-type event-log

    set logid 102003209

    config fields

    edit 1

    set name "msg"

    set value "*VRRP*"

    next

    edit 2

    set name "interface"

    set value "svi777"

    next

    end

    next

    end

    You can specify one of the following actions:

    • Run a CLI script.

    • Send an email message.

    • Display an alert in the console.

    • Generate an SNMP trap.

    • Send data to a uniform resource identifier (URI), such as an IP address or URL.

    Use the following steps to configure an automation stitch:

    1. config system automation-trigger

      edit <trigger_name>

      set trigger-type {event-based | scheduled}

      set event-type {config-change | event-log | reboot}

      set logid <log_ID>

      set trigger-frequency {daily | hourly | monthly | weekly}

      set trigger-hour <0-23>

      set trigger-minute <0-59>

      set trigger-day <1-31>

      set trigger-weekday <friday | monday | saturday | sunday | thursday | tuesday | wednesday>

      config fields

      edit <entry_ID>

      set name <string>

      set value <string>

      next

      end

      next

      end

    2. Create an automation action.

      config system automation-action

      edit <name>

      set action-type {alert | cli-script | email | snmp-trap | webhook}

      set accprofile <string>

      set email-body <string>

      set email-from <string>

      set email-subject <string>

      set email-to <email_address>

      set headers <request_headers>

      set http-body <request_body>

      set method {delete | get | patch | post | put}

      set minimum-interval <0-2592000>

      set port <1-65535>

      set protocol {http | https}

      set script <string>

      set snmp-trap {cpu-high | mem-low | syslog-full | test-trap}

      set uri <request_API_URI>

      next

      end

    3. Create the automation stitch.

      config system automation-stitch

      edit <name>

      set status {enable | disable}

      set trigger <trigger_name>

      set action <action_name>

      next

      end

    4. Test the automation stitch.

      diagnose automation test <automation-stitch-name> [<log_ID>]

    Examples

    The following example shows how to create an automation stitch that will display an alert in the console every hour.

    config system automation-trigger

    edit testtrigger

    set trigger-type scheduled

    set trigger-frequency hourly

    set trigger-minute 30

    next

    end

    config system automation-action

    edit testaction

    set action-type alert

    set minimum-interval 1200

    next

    end

    config system automation-stitch

    edit teststitch

    set status enable

    set trigger testtrigger

    set action testaction

    next

    end

    diagnose automation test teststitch 0

    In the following example, the specified log identifier (32002) causes the FortiSwitch unit to send the log message to the server.

    config system automation-action

    edit "Send log to server"

    set action-type webhook

    set uri "172.16.200.44"

    set http-body "%%log%%"

    set port 80

    set headers "Header:1st Action"

    next

    end

    config system automation-trigger

    edit "badLogin"

    set event-type event-log

    set logid 32002

    next

    end

    config system automation-stitch

    edit "webhookstitch"

    set trigger "badLogin"

    set action "Send log to server"

    next

    end

    Previous
    Next