Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gpap_FTNT
Staff
Staff

Created on ‎05-31-2022 05:42 AM Edited on ‎05-31-2022 06:03 AM

Article Id 213521

Technical Tip: Automation stitch test related to event log

Description The article describes how to test an automation stitch configured for event log.
Scope

FortiGate.
Solution

When an automation-stich is configured for event log, in GUI the test is grey and not able to be used.

 

event-log.PNG

For example for a stich that check the interface status, there is:

 

# config system automation-trigger
    edit "interface"
    set event-type event-log
    set logid 20099 <----- Log ID for interface status.

 

In order to test this stich we use the CLI command:

 

# diagnose automation test[stich] 

 

After the automation trigger name CLI prompts for:

 

"arg please input args"

 

There, it is necessary to add the log. In this case the test should be done as:

 

# diagnose automation test interface "date=2022-05-24 time=12:29:26 eventtime=1653388166478984429 tz="+0200" logid=\"0100020099\" type=\"event\" subtype=\"system\" level=\"warning\" vd=\"root\" logdesc=\"Interface status changed\" action=\"interface-stat-change\" status=\"UP\" msg=\"Link monitor: Interface dmz was turned up\"

 

Results:

 

automation test is done. stitch:interface
Labels:
1279
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.