JJGough
New Member
October 29, 2021
Question

Possible To Get EXACT Configuration Change - Automation Stitch - Sent to Slack

  • 1 reply
  • 4942 views

Hello!

I'm looking to get these messages converted over to Slack notifications, but I haven't been able to figure out how to do so.  I've found this thread, but it is looking specifically for emails: https://forum.fortinet.com/tm.aspx?m=187812

I have configured the Slack notification for configuration change in the automation, but it only advises when an admin made changes during their session, not what they changed.

This is what I'm looking for:

Message meets Alert condition date=2021-10-29 time=11:37:28 devname=COMPANY devid=FGT80ETK1786587 eventtime=786587657865 tz="-0400" logid="0100577800440547" type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="NAME" ui="GUI(199.199.99.9)" action="Edit" cfgtid=864512 cfgpath="user.local" cfgobj="UNAME" cfgattr="type[ldap->ldap]two-factor[disable->fortitoken]fortitoken[->FTKMOB345678]email-to[->uname@company.com]" msg="Edit user.local uname"

Currently running Firmware: V 7.0.1 build 0157 GA

Let me know your thoughts,

Thank you!

1 reply

lobstercreed
New Member
October 29, 2021

You can send emails to a Slack channel though so that *would* work I think.  Do you not like the formatting when you do it that way?  I can't say I'm familiar with the actual Slack automation stitch...it's just a way I started getting alerts from a variety of things a while back.

JJGough
New Member
October 29, 2021

Thanks Lobstercreed! I'm new to Slack so this was nice.

I don't love that I need to expand the message to see what it is, so I'd love to be able to use the webhook instead :D But this is a start!

TecnetRuss
Visitor III
October 30, 2021

Hey JJ,

I posted the solution in the thread you referenced. It looks like you're only using the Automation Stitch notifications which don't send the details of what changed, unlike the old "Alert Email Settings" option. Since the "Alert Email Settings" isn't present in the web interface anymore in 6.4 and 7.0 you have to set this using the command line.

If you open your command line and type ...

config alertemail setting
show

... you should see something like this:

config alertemail setting
    set username "uname@company.com"
    set mailto1 "notifications@company.com"
    set configuration-changes-logs enable
end

If you don't see this, use these 5 commands to enable change notifications. This should enable the e-mails you're looking for, and hopefully you can send those to Slack to get processed (haven't done this myself).

If you have done this already and it's not working, post back and I'll see if I can help.

Russ

NSE7
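
Added example, not part of the original thread or Fortinet's code: a script that parses the alert line quoted in the question, splits cfgattr into per-attribute old/new values, and builds a Slack incoming-webhook message showing exactly what changed. It assumes the alert text reaches your script as a string; all function names are hypothetical and the webhook URL is your own.

```python
import json
import re
import urllib.request

# Constructed sample: the alert line quoted in the question above.
SAMPLE = (
    'Message meets Alert condition date=2021-10-29 time=11:37:28 devname=COMPANY '
    'devid=FGT80ETK1786587 eventtime=786587657865 tz="-0400" logid="0100577800440547" '
    'type="event" subtype="system" level="information" vd="root" '
    'logdesc="Object attribute configured" user="NAME" ui="GUI(199.199.99.9)" '
    'action="Edit" cfgtid=864512 cfgpath="user.local" cfgobj="UNAME" '
    'cfgattr="type[ldap->ldap]two-factor[disable->fortitoken]'
    'fortitoken[->FTKMOB345678]email-to[->uname@company.com]" '
    'msg="Edit user.local uname"'
)

KV_RE = re.compile(r'([\w-]+)=("[^"]*"|\S+)')      # key=value or key="quoted value"
ATTR_RE = re.compile(r'([\w-]+)\[(.*?)->(.*?)\]')  # name[old->new]

def parse_log(line):
    """Return the key=value fields of one log line as a dict, quotes stripped."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def parse_cfgattr(cfgattr):
    """Split 'name[old->new]...' into (name, old, new); assumes no ']' in values."""
    return ATTR_RE.findall(cfgattr)

def slack_escape(text):
    """Escape the three characters Slack treats as control characters in text."""
    return text.replace('&', '&amp;').replace('<', '&lt;').replace('>', '&gt;')

def build_payload(line):
    """Build an incoming-webhook JSON body naming who changed what, and how."""
    f = parse_log(line)
    rows = ['{action} {cfgpath} "{cfgobj}" by {user} via {ui} on {devname}'.format_map(
        {k: f.get(k, '?') for k in ('action', 'cfgpath', 'cfgobj', 'user', 'ui', 'devname')})]
    for name, old, new in parse_cfgattr(f.get('cfgattr', '')):
        rows.append('  {}: {} -> {}'.format(name, old or '(unset)', new or '(unset)'))
    # Log fields are set by whoever made the change, so escape before posting.
    return {'text': slack_escape('\n'.join(rows))}

def post_to_slack(webhook_url, payload):
    """POST the payload; webhook_url is your own Slack incoming-webhook URL."""
    req = urllib.request.Request(webhook_url, data=json.dumps(payload).encode(),
                                 headers={'Content-Type': 'application/json'})
    return urllib.request.urlopen(req, timeout=10).status

if __name__ == '__main__':
    print(json.dumps(build_payload(SAMPLE), indent=2))
```

The cfgattr field can carry values such as token serials and e-mail addresses, so restrict the receiving channel to the people who may see them.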