Technical Tip: Automation stitch for conserve mode

FortiGate by default turns on conserve mode when memory consumption reaches 85%.

Read the following articles to understand better how conserve mode is triggered:

Technical Tip: How conserve mode is triggered
Technical Tip: Conserve mode changes

It is possible to generate an automation script to collect the relevant logs when the conserve mode is triggered. This is essential for support engineers to understand which process consumes more memory.

To create an automation stitch, check the following steps:

1. FortiGate version 6.4.X.

Using the GUI:

• Navigate to Security Fabric -> Automation -> Create New.
• Name the automation stitch.
• Under the trigger column select FortiOS event log.
• Select Memory conserve mode entered.
• Under Action Enable CLI Script and Email.
• Under the CLI script edit the following:

Name of the Automation script.

Select super_admin profile.

In the CLI script enter the following: 

For non-VDOM based environment:

diagnose sys top-mem 99
get sys status
get sys performance status
diagnose hardware sysinfo memory

For VDOM-based environment:

config global

diagnose sys top-mem 99
get sys status
get sys performance status
diagnose hardware sysinfo memory

• Under the Email section, add the preferred subject and the email body to %%results%% and save.

Using the CLI:

config sys automation-action

    edit "Script"

        set action-type cli-script

        set script "diagnose sys top-mem 99

get sys status
get sys performance status
diagnose hardware sysinfo memory"

    set accprofile "super_admin"

    next

    edit "Conserve mode_email"

        set action-type email

        set email-to "<email id>"

        set email-subject "Conserve mode"

        set message "%%results%%"

    next

end

config system automation-script

    edit "Conserve mode"

        set trigger "Conserve mode"

        set action "Script" "Conserve mode_email"

    next

end

2. FortiGate v7.0, v7.2 and v7.4.

    

   Using GUI.

• Navigate to Security Fabric -> Automation -> Under Stitch tab Create New.
• Name the Stitch.
• Status: Enable
• Action execution: Secuential
• Add Trigger -> Create -> FortiOS Event Log -> Name the event trigger and in Event select "Memory conserve mode entered" -> OK -> select the created Trigger and Apply.
• Add Action -> Create -> CLI script -> Name the CLI script action and in the Script field type the following
  
• For non-VDOM based environment:

diagnose sys top-mem 99
get sys status
get sys performance status
diagnose hardware sysinfo memory

• For VDOM based environment:

config global

diagnose sys top-mem 99
get sys status
get sys performance status
diagnose hardware sysinfo memory

• Select admin profile as super_admin -> OK -> Select the created Action and Apply
• Select the + sign to Add another action -> Create -> Email -> Name the Email action.
• Add the email address in the 'To' field, and the preferred Subject message in the field, next change the email Body to: %%results%%
  -> Select 'OK',
• Select the created email Action and Apply
• Save the automation script by selecting 'OK'.
  
  

Example:

(Optional).
Once saved, right-click over the created stitch and then select '►Test Automation Stitch'.

Using CLI.

config sys automation-action

    edit "Script"

        set action-type cli-script

        set script "diagnose sys top-mem 99
get sys status
get sys performance status
diagnose hardware sysinfo memory"

    set accprofile "super_admin"

    next

    edit "Conserve mode_email"

        set action-type email

        set email-to "<email id>"

        set email-subject "Conserve mode"

        set message "%%results%%"

    next

end

config system automation-trigger

    edit "Conserve mode trigger"

        set event-type low-memory

    next

end

config system automation-stitch

    edit "Conserve mode"

        set trigger "Conserve mode trigger"

            config actions

                edit 1

                    set action "Script"

                    set required enable

                next

                edit 2

                    set action "Conserve mode_email"

                    set required enable

                next

            end

    next

    end

Note: By design the maximum buffer size is 16KB so the output will not exceed this value.

FortiOS 7.2.6 and 7.4.0 and above will support a 192KB buffer limit.

Version 7.2 does not have a pre-defined 'memory conserve mode entered' event.

To create an automation stitch for these versions, select a pre-defined trigger named 'Conserve Mode'.

See the image below for this trigger:

Related articles:

• Technical Tip: Creating automation stitches
  
• Technical Tip: Execute a CLI script based on HIGH CPU
  
• Troubleshooting Tip: Test automation stitch is grayed out in GUI when schedule trigger is configured
  
• Technical Tip: 'Test Automation Stitch' button is greyed out when trying to test a newly created aut...