FortiGate
Nivedha
Staff
Description This article describes how to create an automation stitch for the conserve mode.
Scope FortiGate v6.4 and above.
Solution

FortiGate by default turns on conserve mode when memory consumption reaches 85%.

 

Check the following references to understand how the conserve mode is triggered:


https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-conserve-mode-is-triggered/ta-p/198580
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Conserve-mode-changes/ta-p/198502

It is possible to create an automation stitch that collects the relevant logs when conserve mode is triggered. This is essential for support engineers to understand which process is consuming the most memory.

 

To create an automation stitch, check the following steps:

 

1) FortiGate version 6.4.x.

 

Using GUI.

 

- Navigate to Security Fabric -> Automation -> Create New.

- Name the automation stitch.

- Under the trigger column select FortiOS event log.

- Select Memory conserve mode entered.

- Under Action, enable CLI Script and Email.

- Under the CLI script, set the following:

Name of the automation script.

Select the super_admin profile.

 

In the CLI script, enter the following:

For non-VDOM based environment:

 

# diagnose system top-mem

# execute tac-report

 

For VDOM-based environment:

 

# config global

# diagnose system top-mem

# execute tac-report

 

- Under the Email section, add the recipient email address and the preferred subject, then change the email body to %%results%% and save.

 

Using CLI.

 

In the script value, press Enter after the first command so that each command is on its own line.

# config system automation-action
    edit "Script"
        set action-type cli-script
        set script "diagnose sys top-mem
execute tac-report"
        set accprofile "super_admin"
    next
    edit "Conserve mode_email"
        set action-type email
        set email-to "<email id>"
        set email-subject "Conserve mode"
        set message "%%results%%"
    next
end

The stitch references a trigger named "Conserve mode", which must already be defined.

# config system automation-stitch
    edit "Conserve mode"
        set trigger "Conserve mode"
        set action "Script" "Conserve mode_email"
    next
end

 

2) FortiGate v7.0 and v7.2.

 

Using GUI.

 

- Navigate to Security Fabric -> Automation -> under the Stitch tab, select Create New.

- Name the Stitch.

- Add Trigger -> Create -> Conserve mode -> Name the trigger -> Apply.

- Add Action -> Create CLI script -> Name the CLI script and, under Script, type the following.

- For non-VDOM based environment:

 

# diagnose system top-mem

# execute tac-report

 

- For VDOM based environment:

 

# config global

# diagnose system top-mem

# execute tac-report

 

- Select admin profile as super_admin -> Ok -> Apply.

- Select '+' sign to Add another action.

- Add Action -> Email -> Name the action.

- Add the recipient email address and the preferred subject, and change the email body to %%results%%.

- Select 'Ok', Apply and save the automation script.

- Once saved, select the name and then select test-automation script.

 

Using CLI.

 

In the script value, press Enter after the first command so that each command is on its own line.

# config system automation-action
    edit "Script"
        set action-type cli-script
        set script "diagnose sys top-mem
execute tac-report"
        set accprofile "super_admin"
    next
    edit "Conserve mode_email"
        set action-type email
        set email-to "<email id>"
        set email-subject "Conserve mode"
        set message "%%results%%"
    next
end

# config system automation-trigger
    edit "Conserve mode trigger"
        set event-type low-memory
    next
end

# config system automation-stitch
    edit "Conserve mode"
        set trigger "Conserve mode trigger"
        config actions
            edit 1
                set action "Script"
                set required enable
            next
            edit 2
                set action "Conserve mode_email"
                set required enable
            next
        end
    next
end

Note: By design, the maximum buffer size is 16KB, so the output will not exceed this value.
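
A pre-deployment check for the CLI configuration above, as an added example that is not part of the original article or of Fortinet's tooling: this Python function parses automation configuration text (v6.4 or v7.x layout) and reports every trigger or action that a stitch references but the text never defines. The sample configuration is constructed, and `dangling_references` is a hypothetical helper name.

```python
import re
import shlex

# Constructed sample (v7.x layout): "Conserve mode_email" is deliberately left undefined.
SAMPLE = '''config system automation-action
    edit "Script"
        set script "diagnose sys top-mem
execute tac-report"
    next
end
config system automation-trigger
    edit "Conserve mode trigger"
        set event-type low-memory
    next
end
config system automation-stitch
    edit "Conserve mode"
        set trigger "Conserve mode trigger"
        config actions
            edit 1
                set action "Conserve mode_email"
            next
        end
    next
end
'''

def dangling_references(text):
    """Return (stitch, kind, name) for each trigger/action a stitch uses but the text never defines."""
    # Join multi-line quoted values (the CLI script) so each statement is one line.
    text = re.sub(r'"[^"]*"', lambda m: m.group(0).replace("\n", " "), text)
    defined, stitches = {"trigger": set(), "action": set()}, {}
    stack, current = [], None
    for line in text.splitlines():
        tok = shlex.split(line.strip().lstrip("#"))  # tolerate the article's "# " prompt
        if tok[:1] == ["config"]:
            stack.append(tok[-1])  # "automation-stitch", or nested "actions"
        elif tok[:1] == ["end"] and stack:
            stack.pop()
        elif tok[:1] == ["edit"] and len(stack) == 1:
            kind = stack[0].replace("automation-", "")
            if kind in defined:
                defined[kind].add(tok[1])
            elif kind == "stitch":
                current = stitches.setdefault(tok[1], {"trigger": [], "action": []})
        elif tok[:1] == ["set"] and stack[:1] == ["automation-stitch"] and tok[1] in defined:
            current[tok[1]].extend(tok[2:])  # v6.4 lists actions on one line; v7.x nests them
    return [(s, k, ref) for s, refs in stitches.items()
            for k in ("trigger", "action") for ref in refs[k] if ref not in defined[k]]
```

Objects that exist only on the device (for example, created through the GUI) are reported as missing, so run the check on the full set of automation blocks being pasted.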