Fortinet black logo

Administration Guide

Home FortiSwitch 7.2.2 Administration Guide

Configuring automation stitches

7.2.2
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.9
7.0.8
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.11
6.4.6
6.4.5
6.4.3
6.4.2
6.4.0
6.2.5
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID f65c09ce-240d-11ed-9eba-fa163e15d75b:653071
Download PDF

Configuring automation stitches

To configure an automation stitch, you specify a trigger and the action that is performed when the trigger occurs and then set the status to enable.

You can specify one of the following triggers:

  • The configuration changed.

  • There was a warm or cold reboot of the switch.

  • The scheduled time occurred.

  • An event was logged.

    NOTE: When you specify the log ID, the range of values is 1-65535. If you use the full 10-digit entry, the first four digits are truncated.

Starting in FortiSwitchOS 7.2.2, you can use the following wildcard characters in the set value command for the automation trigger:

  • Use an asterisk to match any character string of any length, including 0-characters long. For example, use set value "*1567*" to match values of 81567 and 156789.

  • Use square brackets to match one of the multiple characters. For example, use set value "[aA]dmin" to match values of admin and Admin.

Starting in FortiSwitchOS 7.2.2, you can configure multiple fields for the automation trigger when the event-type is event-log and the logid is set. The action is only performed if all conditions are valid (using AND logic). For example, the following automation trigger requires both the log message to include VRRP and the interface to be svi777 before the action is performed.

config system automation-trigger

edit "VRRPlogtrigger"

set event-type event-log

set logid 102003209

config fields

edit 1

set name "msg"

set value "*VRRP*"

next

edit 2

set name "interface"

set value "svi777"

next

end

next

end

You can specify one of the following actions:

  • Run a CLI script.

  • Send an email message.

  • Display an alert in the console.

  • Generate an SNMP trap.

  • Send data to a uniform resource identifier (URI), such as an IP address or URL.

Use the following steps to configure an automation stitch:

  1. config system automation-trigger

    edit <trigger_name>

    set trigger-type {event-based | scheduled}

    set event-type {config-change | event-log | reboot}

    set logid <log_ID>

    set trigger-frequency {daily | hourly | monthly | weekly}

    set trigger-hour <0-23>

    set trigger-minute <0-59>

    set trigger-day <1-31>

    set trigger-weekday <friday | monday | saturday | sunday | thursday | tuesday | wednesday>

    config fields

    edit <entry_ID>

    set name <string>

    set value <string>

    next

    end

    next

    end

  2. Create an automation action.

    config system automation-action

    edit <name>

    set action-type {alert | cli-script | email | snmp-trap | webhook}

    set accprofile <string>

    set email-body <string>

    set email-from <string>

    set email-subject <string>

    set email-to <email_address>

    set headers <request_headers>

    set http-body <request_body>

    set method {delete | get | patch | post | put}

    set minimum-interval <0-2592000>

    set port <1-65535>

    set protocol {http | https}

    set script <string>

    set snmp-trap {cpu-high | mem-low | syslog-full | test-trap}

    set uri <request_API_URI>

    next

    end

  3. Create the automation stitch.

    config system automation-stitch

    edit <name>

    set status {enable | disable}

    set trigger <trigger_name>

    set action <action_name>

    next

    end

  4. Test the automation stitch.

    diagnose automation test <automation-stitch-name> [<log_ID>]

Examples

The following example shows how to create an automation stitch that will display an alert in the console every hour.

config system automation-trigger

edit testtrigger

set trigger-type scheduled

set trigger-frequency hourly

set trigger-minute 30

next

end

config system automation-action

edit testaction

set action-type alert

set minimum-interval 1200

next

end

config system automation-stitch

edit teststitch

set status enable

set trigger testtrigger

set action testaction

next

end

diagnose automation test teststitch 0

In the following example, the specified log identifier (32002) causes the FortiSwitch unit to send the log message to the server.

config system automation-action

edit "Send log to server"

set action-type webhook

set uri "172.16.200.44"

set http-body "%%log%%"

set port 80

set headers "Header:1st Action"

next

end

config system automation-trigger

edit "badLogin"

set event-type event-log

set logid 32002

next

end

config system automation-stitch

edit "webhookstitch"

set trigger "badLogin"

set action "Send log to server"

next

end

Previous
Next

Configuring automation stitches

To configure an automation stitch, you specify a trigger and the action that is performed when the trigger occurs and then set the status to enable.

You can specify one of the following triggers:

  • The configuration changed.

  • There was a warm or cold reboot of the switch.

  • The scheduled time occurred.

  • An event was logged.

    NOTE: When you specify the log ID, the range of values is 1-65535. If you use the full 10-digit entry, the first four digits are truncated.

Starting in FortiSwitchOS 7.2.2, you can use the following wildcard characters in the set value command for the automation trigger:

  • Use an asterisk to match any character string of any length, including 0-characters long. For example, use set value "*1567*" to match values of 81567 and 156789.

  • Use square brackets to match one of the multiple characters. For example, use set value "[aA]dmin" to match values of admin and Admin.

Starting in FortiSwitchOS 7.2.2, you can configure multiple fields for the automation trigger when the event-type is event-log and the logid is set. The action is only performed if all conditions are valid (using AND logic). For example, the following automation trigger requires both the log message to include VRRP and the interface to be svi777 before the action is performed.

config system automation-trigger

edit "VRRPlogtrigger"

set event-type event-log

set logid 102003209

config fields

edit 1

set name "msg"

set value "*VRRP*"

next

edit 2

set name "interface"

set value "svi777"

next

end

next

end

You can specify one of the following actions:

  • Run a CLI script.

  • Send an email message.

  • Display an alert in the console.

  • Generate an SNMP trap.

  • Send data to a uniform resource identifier (URI), such as an IP address or URL.

Use the following steps to configure an automation stitch:

  1. config system automation-trigger

    edit <trigger_name>

    set trigger-type {event-based | scheduled}

    set event-type {config-change | event-log | reboot}

    set logid <log_ID>

    set trigger-frequency {daily | hourly | monthly | weekly}

    set trigger-hour <0-23>

    set trigger-minute <0-59>

    set trigger-day <1-31>

    set trigger-weekday <friday | monday | saturday | sunday | thursday | tuesday | wednesday>

    config fields

    edit <entry_ID>

    set name <string>

    set value <string>

    next

    end

    next

    end

  2. Create an automation action.

    config system automation-action

    edit <name>

    set action-type {alert | cli-script | email | snmp-trap | webhook}

    set accprofile <string>

    set email-body <string>

    set email-from <string>

    set email-subject <string>

    set email-to <email_address>

    set headers <request_headers>

    set http-body <request_body>

    set method {delete | get | patch | post | put}

    set minimum-interval <0-2592000>

    set port <1-65535>

    set protocol {http | https}

    set script <string>

    set snmp-trap {cpu-high | mem-low | syslog-full | test-trap}

    set uri <request_API_URI>

    next

    end

  3. Create the automation stitch.

    config system automation-stitch

    edit <name>

    set status {enable | disable}

    set trigger <trigger_name>

    set action <action_name>

    next

    end

  4. Test the automation stitch.

    diagnose automation test <automation-stitch-name> [<log_ID>]

Examples

The following example shows how to create an automation stitch that will display an alert in the console every hour.

config system automation-trigger

edit testtrigger

set trigger-type scheduled

set trigger-frequency hourly

set trigger-minute 30

next

end

config system automation-action

edit testaction

set action-type alert

set minimum-interval 1200

next

end

config system automation-stitch

edit teststitch

set status enable

set trigger testtrigger

set action testaction

next

end

diagnose automation test teststitch 0

In the following example, the specified log identifier (32002) causes the FortiSwitch unit to send the log message to the server.

config system automation-action

edit "Send log to server"

set action-type webhook

set uri "172.16.200.44"

set http-body "%%log%%"

set port 80

set headers "Header:1st Action"

next

end

config system automation-trigger

edit "badLogin"

set event-type event-log

set logid 32002

next

end

config system automation-stitch

edit "webhookstitch"

set trigger "badLogin"

set action "Send log to server"

next

end

Previous
Next