
Administration Guide

CLI Script action

Configure a CLI Script action to run CLI commands when a trigger occurs. The CLI commands can be entered manually or uploaded as a file.

To configure a CLI Script action:

  1. Go to Security Fabric > Automation.
  2. Select the Action tab.
  3. Click Create New.
  4. Select CLI Script.
  5. Enter a name for the CLI Script.
  6. Enter the CLI commands to run; a script can contain multiple commands. Alternatively, click Upload to upload a script file. The script must not exceed 1024 characters.

    For example, to block the source IP addresses recorded in attack logs, create a stitch with a "FortiWeb Log" trigger and use %%log.srcip%% in the CLI Script action to reference the source IP address recorded in the triggering log. The CLI Script action could be:

    config waf ip-list
      edit "IP-List-Policy1"
        config members
          edit 0
            set type black-ip
            set ip %%log.srcip%%
            set severity Medium
            set trigger-policy "TriggerActionPolicy1"
          next
        end
      next
    end

    Note that an index of 0 ("edit 0" in the example above) tells FortiWeb to assign the index number itself, based on the entries the list already contains.

  7. Click OK.

Besides config commands, a CLI Script action can run diagnose commands, for example to collect information for troubleshooting. To do this, create a CLI Script action containing the diagnose commands, then add a Notification action that sends the printout; include the %%results%% parameter in the notification to reference the printout. For more information, see %%results%% Parameter.

Note that FortiWeb currently cannot display the output of the following diagnose commands in notifications:

  • diagnose debug application

  • diagnose debug flow trace

  • diagnose process strace

  • diagnose system perf top
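The following Python script is an added example, not FortiWeb's own code. It renders the %%log.srcip%% blocklist script from the procedure above and a %%results%% notification body offline, the way the stitch would substitute them, and checks the result before it is pasted into a CLI Script or Notification action. The placeholder names, the script text and the list of unsupported diagnose commands come from this page; the dictionary-shaped log record, the validation rules and the stand-in diagnose command are assumptions made for illustration. How FortiWeb itself validates a substituted value is not documented here, so treat the checks as a practitioner's safety net rather than device behaviour.

```python
"""Offline pre-flight check for FortiWeb automation stitch templates.

Added example, not FortiWeb's own code. Renders the %%log.srcip%% and
%%results%% placeholders the way a stitch would, then checks the result
before it goes into a CLI Script or Notification action. Placeholder
names, the script and the unsupported diagnose commands are from the
page; the log-record layout and the checks are assumptions.
"""
import ipaddress
import re

MAX_SCRIPT_LEN = 1024  # character limit stated for the CLI Script action

# CLI Script action from the page, with %%log.srcip%% left as a placeholder.
BLOCK_SRCIP_SCRIPT = """\
config waf ip-list
  edit "IP-List-Policy1"
    config members
      edit 0
        set type black-ip
        set ip %%log.srcip%%
        set severity Medium
        set trigger-policy "TriggerActionPolicy1"
      next
    end
  next
end
"""

# diagnose commands whose printout the page says cannot be shown in a notification
UNSUPPORTED_DIAGNOSE = (
    "diagnose debug application",
    "diagnose debug flow trace",
    "diagnose process strace",
    "diagnose system perf top",
)

PLACEHOLDER = re.compile(r"%%([a-z_]+(?:\.[a-z_]+)*)%%")


def render(template, values):
    """Substitute %%name%% placeholders; an unknown name raises instead of being left in."""
    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise KeyError(f"no value for %%{name}%%")
        return str(values[name])
    return PLACEHOLDER.sub(substitute, template)


def preflight_block_script(log_record):
    """Render the blocklist script for one attack-log record.

    Returns (True, script) or (False, reason). The substituted value lands
    inside a CLI command, so it must parse as one bare IP address; addresses
    that would only hurt the WAF itself (loopback, link-local, multicast,
    unspecified) are refused. Both checks are assumptions for this example.
    """
    srcip = log_record.get("srcip")
    if srcip is None:
        return False, "log record has no srcip field"
    try:
        ip = ipaddress.ip_address(srcip)  # ValueError on anything but one bare address
    except ValueError as exc:
        return False, str(exc)
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return False, f"refusing to blocklist {srcip}"
    script = render(BLOCK_SRCIP_SCRIPT, {"log.srcip": srcip})
    if len(script) > MAX_SCRIPT_LEN:
        return False, f"script is {len(script)} chars, limit is {MAX_SCRIPT_LEN}"
    return True, script


def preflight_notification(diagnose_script, printout, template):
    """Render a Notification body with %%results%% for a CLI Script of diagnose commands.

    Returns (True, body) or (False, reason); refuses scripts containing a
    diagnose command whose output FortiWeb will not show in a notification.
    """
    for line in diagnose_script.splitlines():
        if line.strip().startswith(UNSUPPORTED_DIAGNOSE):
            return False, f"output of '{line.strip()}' cannot be shown in a notification"
    try:
        return True, render(template, {"results": printout})
    except KeyError as exc:
        return False, str(exc)


# Constructed samples, not real FortiWeb data.
SAMPLE_ATTACK_LOG = {"srcip": "192.0.2.77", "main_type": "Signature Detection"}
INJECTED_ATTACK_LOG = {"srcip": "192.0.2.77\n    set ip 192.0.2.1"}  # extra CLI line smuggled in
NOTIFICATION_TEMPLATE = "Diagnose printout from the stitch:\n%%results%%\n"
SAMPLE_PRINTOUT = "(captured diagnose output would go here)"

if __name__ == "__main__":
    for record in (SAMPLE_ATTACK_LOG, INJECTED_ATTACK_LOG, {"srcip": "127.0.0.1"}):
        ok, out = preflight_block_script(record)
        print("OK\n" + out if ok else "REJECTED: " + out)
    print(preflight_notification("diagnose debug flow trace\n", SAMPLE_PRINTOUT, NOTIFICATION_TEMPLATE))
```

The point of the address checks is that the attack log's source IP is substituted verbatim into a CLI command: a value that is not a single bare address should never reach `set ip`, and an address the WAF cannot afford to lose (its own loopback, a link-local neighbour) should not be blocklisted automatically. Run the script against a handful of recent attack-log records before enabling the stitch, and extend the refusal list with your own load balancers or monitoring hosts.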
