This article describes how to get an alert email whenever any local policy is added or changed on the firewall with the help of automation stitches.
FortiGate.
Configure the automation stitches as below:
Go to Security Fabric -> Automation and select 'Create New'.
Automation Trigger:
Automation Action:
CLI reference:
config system automation-action
    edit "Default Email"
        set description "Default automation action configuration for sending an email with basic information on the log event."
        set action-type email
        set email-to "salonjoshi68@gmail.com"
        set email-from "notification@fortinet.com"
        set email-subject "%%log.logdesc%%"
        set message "%%log%%"
    next
end
config system automation-trigger
    edit "local"
        set event-type event-log
        set logid 32172 32174 32173
    next
end
config system automation-stitch
    edit "Local-in-policy"
        set trigger "local"
        config actions
            edit 1
                set action "Default Email"
                set required enable
            next
        end
    next
end
Make sure the SMTP server configuration is working properly. This example uses the default FortiGuard SMTP configuration, so if any local policy is added or changed, an alert is sent to the specified email address.
To test an automation stitch:
On the FortiGate GUI, go to Security Fabric -> Automation, right-click the respective automation stitch, and select 'Test Automation Stitch'.
To test an automation stitch from the CLI, use the command:
diagnose automation test <stitch-name> <log>
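To confirm independently of email delivery that the watched events occurred, the following added example (not part of the original article and not Fortinet code) scans exported or syslog-forwarded FortiGate event log lines for the three log IDs configured in the trigger. The sample log lines are constructed, and the mapping between the trigger's logid values and the trailing digits of the logid field in the log is an assumption noted in the code.

```python
import re

# Log IDs watched by the automation trigger in this article.
WATCHED_IDS = {32172, 32173, 32174}

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
_PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')

# Constructed sample lines (not real device output).
SAMPLE_LOGS = [
    'date=2024-01-01 time=10:00:00 logid="0100032172" type="event" '
    'user="admin" logdesc="constructed sample" msg="constructed change 1"',
    'date=2024-01-01 time=10:05:00 logid="0100032001" type="event" '
    'user="admin" logdesc="constructed sample" msg="unrelated event"',
    'date=2024-01-01 time=10:09:00 logid="0100032174" type="event" '
    'user="admin2" logdesc="constructed sample" msg="constructed change 2"',
    "truncated line with no fields",
]


def parse_line(line):
    """Parse one key=value log line into a dict of strings."""
    return {k: (q if q else b) for k, q, b in _PAIR.findall(line)}


def message_id(fields):
    """Return the numeric message ID from 'logid', or None if absent.

    Assumption: the log carries a 10-digit logid whose last six digits are
    the ID that 'set logid' in the trigger refers to.
    """
    logid = fields.get("logid", "")
    return int(logid[-6:]) if logid.isdigit() else None


def find_local_policy_changes(lines):
    """Return selected fields of every line matching a watched log ID."""
    keep = ("date", "time", "logid", "user", "logdesc", "msg")
    hits = []
    for line in lines:
        fields = parse_line(line)
        if message_id(fields) in WATCHED_IDS:
            hits.append({k: fields.get(k, "") for k in keep})
    return hits


if __name__ == "__main__":
    for hit in find_local_policy_changes(SAMPLE_LOGS):
        print(hit)
```

Comparing the hits against the alert emails received shows whether any change went unreported, for example because of an SMTP failure.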
Related article:
Creating automation stitches - FortiGate 6.2.15 cookbook
Technical Tip: How to test an automation-stitch configured to trigger on an event log