
Administration Guide

Use case: Real-time incident alerts

Scenario

An application experiences a sudden spike in traffic during a promotional sale, causing high CPU usage of FortiWeb.

How FortiWeb responds to this issue

  1. Trigger Detection: FortiWeb detects that its CPU usage exceeds 85%.
  2. Diagnose: FortiWeb runs diagnose commands automatically to print detailed performance information.
  3. Notification: FortiWeb sends an alert to the designated Microsoft Teams channels, notifying the IT team of the high CPU usage and the debug information.

This automation stitch ensures that the IT team is immediately aware of performance issues and can quickly address them, minimizing downtime and maintaining a smooth user experience for customers.

Configurations on FortiWeb

Before performing the following steps, make sure you have the URL of the Teams channel you want to send notifications to. For how to get the URL, see Microsoft Teams Notification action.

Perform the following steps on FortiWeb:

  1. Switch the Administrative Domain to Global.
  2. Go to Log&Report > Log Config > Other Log Settings.
  3. Set CPU Utilization to 85%. It will act as the threshold for the CPU Usage trigger.
  4. Click Apply.
  5. Go to Security Fabric > Automation.
  6. Select the Action tab.
  7. Click Create New to create a CLI Script action.
  8. Select CLI Script.
  9. Enter a name and description.
  10. Enter the following commands:

    diagnose policy total-conn-psec list
    diagnose policy total-session list
    diagnose hardware cpu list
    diagnose system top delay 10

  11. Click OK.
  12. Click Create New to create a notification action.
  13. Select Microsoft Teams Notification. Configure the settings:

    Name: Enter a name.
    Description: Enter a description.
    URL: Paste the webhook URL you got from Teams. Leave the "https://" out when you paste the URL, because the system automatically adds "https://" to the URL you enter.
    Message Type: Text
    Message:

        The CPU usage of FortiWeb XXXXXX is higher than 85%.
        Refer to the following log:
        %%log%%
        The following is the printout of the diagnose commands:
        %%results%%

  14. Click OK.
  15. Select the Stitch tab.
  16. Enter a name and brief description for this stitch. Enable the status.
  17. Click Add Trigger, select High_CPU, then click Apply.
  18. Click Add Action, select the CLI Script action you just created, then click Apply.
  19. Click Add Action, select the Microsoft Teams Notification action you just created, then click Apply.
  20. Click OK.
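
The following helper is an added example, not part of the FortiWeb guide or Fortinet code. It prepares the value for the URL field (scheme removed, plain HTTP rejected) and sends a test message built from the Message template above, so the webhook can be checked before the stitch depends on it. Assumptions: the webhook accepts the simple Teams `{"text": ...}` JSON body, the URL is supplied in a hypothetical `TEAMS_WEBHOOK_URL` environment variable, and the sample log and diagnose text are constructed.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Message body from the notification action; XXXXXX is the guide's own placeholder.
TEMPLATE = (
    "The CPU usage of FortiWeb XXXXXX is higher than 85%.\n"
    "Refer to the following log:\n%%log%%\n"
    "The following is the printout of the diagnose commands:\n%%results%%"
)

def fortiweb_url_field(webhook_url):
    """Return the webhook URL without its scheme, as the URL field expects."""
    url = webhook_url.strip()
    parts = urlsplit(url if "://" in url else "https://" + url)
    if parts.scheme != "https":
        raise ValueError("webhook must use HTTPS; FortiWeb adds https:// itself")
    if not parts.hostname or any(c.isspace() for c in url):
        raise ValueError("not a usable webhook URL")
    return url.split("://", 1)[-1]

def render(template, log, results):
    """Substitute the two placeholders the way the alert text will read."""
    return template.replace("%%log%%", log).replace("%%results%%", results)

def teams_payload(text):
    """Assumed wire format: simple Teams incoming-webhook JSON body."""
    return json.dumps({"text": text}).encode("utf-8")

def send_test(url_field, text):
    """POST the test message; https:// is re-added exactly once."""
    req = urllib.request.Request(
        "https://" + url_field,
        data=teams_payload(text),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    # The webhook URL is a secret: anyone holding it can post to the channel,
    # so read it from the environment rather than hard-coding it.
    field = fortiweb_url_field(os.environ["TEAMS_WEBHOOK_URL"])
    body = render(TEMPLATE, "constructed sample log line", "constructed diagnose output")
    print("Paste into the URL field:", field)
    print("HTTP status:", send_test(field, body))
```

Review what `%%results%%` expands to before choosing the channel: the diagnose output is posted to everyone who can read it.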

When this automation stitch is triggered, you will receive the following message in Microsoft Teams (below is only a snippet of the full message):
