Skip to main content
msanjaypadma
Staff
msanjaypadma
Staff
July 4, 2025

Technical Tip: Automation stitch with message filter from Event Logs

  • July 4, 2025
  • 0 replies
  • 1455 views
Description

 

This article describes how to configure an automation stitch using message filters derived from event logs.

 

Scope

 

FortiGate.

 

Solution

 

In the following example, an automation stitch is configured to monitor a specific BGP neighbor going down or up. When such an event occurs, an email notification is sent by filtering for the particular neighbor from the router event logs

Step 1: Create an automation stitch:

  • Go under Security Fabric -> Automation -> Create New.

 

Step 1.PNG

 

Step 2: Create an Automation-trigger:

  • Assign a name to 'automation-stich'.
  • Go under 'Trigger' -> Select 'Create new' -> Select 'FortiOS Event Log'.


Step 2.PNG

 

  • Assign a name to 'automation-trigger'.
  • Select the EVENT -> 'BGP neighbor status changed, it monitors log ID: 20300/
  • Specify Field Filter ->  Field Name : 'msg"  and Value : '*neighbor 10.10.10.3 Down*'
  • Select 'OK' and select the respective entry.

 

Step 3.PNG


Step 3: Create an Automation Action.

  • Select 'Action' and select 'Create'.
  • Select the 'Email' option under the Notification section.
  • Specify the respective fields.
  • Select 'OK' and select the respective action entry.
 

Step 4.PNG

 

Once configured, select 'OK' and verify the automation stitch.

 

Step 5.PNG

 

CLI Reference:

 

config system automation-trigger

    edit "automation-trigger"

        set event-type event-log

        set logid 20300

            config fields

                edit 1

                    set name "msg"

                    set value "*neighbor 10.10.10.3 Down*"

                next

            end

    next

end

 

config system automation-action

    edit "Email Notification"

        set action-type email

        set email-to "abc@gmail.com"

        set email-from "abcdef@abc.com"

        set email-subject "%%log.logdesc%%"

        set message "%%log%%"

    next

end

 

config system automation-stitch

    edit "automation-stich"

        set trigger "automation-trigger"

            config actions

                edit 1

                    set action "Email Notification"

                    set required enable

                next

            end

end

 

Verification: 

When a BGP neighborship goes down, the router event logs record a BGP down event. Subsequently, automation is triggered successfully. Verification is done in the GUI by checking the 'Trigger Count' and 'Last Triggered' fields.

 

step 6.PNG

    Terms & ConditionsAccessibility statement