Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Nivedha
Staff
Staff

Created on ‎12-23-2022 12:39 AM Edited on ‎10-28-2024 07:59 AM By Moderator

Article Id 240696

Technical Tip: Automation stitch for conserve mode

Description This article describes how to create an automation stitch for the conserve mode.
Scope FortiGate v6.4 and above. FortiOS 7.2.6 and 7.4.0 and above will support a 192KB buffer limit.
Solution

FortiGate by default turns on conserve mode when memory consumption reaches 85%.

Read the following articles to understand better how conserve mode is triggered:

Technical Tip: How conserve mode is triggered
Technical Tip: Conserve mode changes

It is possible to generate an automation script to collect the relevant logs when the conserve mode is triggered. This is essential for support engineers to understand which process consumes more memory.

 

To create an automation stitch, check the following steps:

 

  1. FortiGate version 6.4.X.

Using the GUI:

 

  • Navigate to Security Fabric -> Automation -> Create New.
  • Name the automation stitch.
  • Under the trigger column select FortiOS event log.
  • Select Memory conserve mode entered.
  • Under Action Enable CLI Script and Email.
  • Under the CLI script edit the following:

Name of the Automation script.

Select super_admin profile.

 

In the CLI script enter the following: 

For non-VDOM based environment:

 

diagnose sys top-mem 99
get sys status
get sys performance status
diagnose hardware sysinfo memory

 

For VDOM-based environment:

 

config global

diagnose sys top-mem 99
get sys status
get sys performance status
diagnose hardware sysinfo memory

 

  • Under the Email section, add the preferred subject and the email body to %%results%% and save.

 

Using the CLI:

 

config sys automation-action

    edit "Script"

        set action-type cli-script

        set script "diagnose sys top-mem 99

get sys status
get sys performance status
diagnose hardware sysinfo memory"

    set accprofile "super_admin"

    next

    edit "Conserve mode_email"

        set action-type email

        set email-to "<email id>"

        set email-subject "Conserve mode"

        set message "%%results%%"

    next

end

 

config system automation-script

    edit "Conserve mode"

        set trigger "Conserve mode"

        set action "Script" "Conserve mode_email"

    next

end

 

  1. FortiGate v7.0, v7.2 and v7.4.

     

    Using GUI.

  • Navigate to Security Fabric -> Automation -> Under Stitch tab Create New.
  • Name the Stitch.
  • Status: Enable
  • Action execution: Secuential
  • Add Trigger -> Create -> FortiOS Event Log -> Name the event trigger and in Event select "Memory conserve mode entered" -> OK -> select the created Trigger and Apply.
  • Add Action -> Create -> CLI script -> Name the CLI script action and in the Script field type the following
  • For non-VDOM based environment:

 

diagnose sys top-mem 99
get sys status
get sys performance status
diagnose hardware sysinfo memory

 

  • For VDOM based environment:

 

config global

diagnose sys top-mem 99
get sys status
get sys performance status
diagnose hardware sysinfo memory

 

  • Select admin profile as super_admin -> OK -> Select the created Action and Apply
  • Select the + sign to Add another action -> Create -> Email -> Name the Email action.
  • Add the email address in the 'To' field, and the preferred Subject message in the field, next change the email Body to: %%results%%
    ->     Select 'OK',
  • Select the created email Action and Apply
  • Save the automation script by selecting 'OK'.

Example:


Untitled.gif


(Optional).
Once saved, right-click over the created stitch and then select 'â–ºTest Automation Stitch'.

 

Using CLI.

 

config sys automation-action

    edit "Script"

        set action-type cli-script

        set script "diagnose sys top-mem 99
get sys status
get sys performance status
diagnose hardware sysinfo memory"

    set accprofile "super_admin"

    next

    edit "Conserve mode_email"

        set action-type email

        set email-to "<email id>"

        set email-subject "Conserve mode"

        set message "%%results%%"

    next

end

 

config system automation-trigger

    edit "Conserve mode trigger"

        set event-type low-memory

    next

end

 

config system automation-stitch

    edit "Conserve mode"

        set trigger "Conserve mode trigger"

            config actions

                edit 1

                    set action "Script"

                    set required enable

                next

                edit 2

                    set action "Conserve mode_email"

                    set required enable

                next

            end

    next

    end

Note: By design the maximum buffer size is 16KB so the output will not exceed this value.

FortiOS 7.2.6 and 7.4.0 and above will support a 192KB buffer limit.

 

Version 7.2 does not have a pre-defined 'memory conserve mode entered' event.

To create an automation stitch for these versions, select a pre-defined trigger named 'Conserve Mode'.

See the image below for this trigger:

 

Screenshot 2024-10-28 102042.png

 

Related articles:
18123
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.