ekrishnan
Staff
Article Id 241114
Description This article explains the fields to be chosen to retrieve the script output.
Scope Security Fabric, Automation, CLI script
Solution

An automation stitch can run a CLI script automatically when a condition such as conserve mode or high CPU is triggered, and then email the script output.

 

1) Create a new Stitch under Security Fabric -> Automation.

 


 

2) Select 'Add Trigger' and add the appropriate trigger. The conserve mode trigger is used as an example here.

 


 

3) Add the actions: the CLI script first, then the email (two actions are configured in total).

 


 

4) Select 'OK'.

 

Sample of the CLI script:

 

[Screenshot: sample CLI script]

 

Note.

While configuring the email action, it is important to change the body of the subject field to %%results%% instead of %%logs%%. Both can be used together, but %%results%% must be present.

 


 

Note.

If the %%results%% pattern is not added, the email received will not contain any output from the CLI script commands.

 

The available placeholders are described below:

 

All fields from the log or FortiAnalyzer event triggering this stitch:
 

%%results%%:

The complete result from the previous action, such as a CLI script.


%%results.source%%:

The 'source' property from the previous action.


%%results[aws_ban_ip].source%%:

The 'source' property from the results of a previous action named 'aws_ban_ip'.


%%results.sources.1%%:

The first index value in the array 'sources' from the previous action.


%%results.email.from%%:

The 'from' property of an email object from the previous action.


%%log.srcip%%:

The 'srcip' field from the log or FortiAnalyzer event triggering this stitch.

 

- After completing the configuration, it is recommended to run a test stitch to verify that the alert email with the CLI script output is received by the recipient.

 


 

 

Note.

- Ensure the mail-server settings are already configured with the appropriate SMTP server.

- Make sure the recipient's email is valid.
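
The GUI steps above correspond roughly to the following CLI configuration. This is an added example, not taken from the original article: it assumes FortiOS 7.x syntax and that the email body is the action's message field. The object names, recipient address and diagnostic commands in the script are placeholders chosen for illustration.

```text
# Added example (assumes FortiOS 7.x syntax; all names are placeholders).

# Trigger: fires when the unit enters conserve mode.
config system automation-trigger
    edit "conserve-mode-trigger"
        set event-type low-memory
    next
end

# Action 1: CLI script. Action 2: email carrying the script output.
config system automation-action
    edit "conserve-mode-script"
        set action-type cli-script
        set script "get system performance status
diagnose sys top 5 20"
        set accprofile "super_admin"
    next
    edit "conserve-mode-email"
        set action-type email
        set email-to "admin@example.com"
        set email-subject "Conserve mode: CLI script output"
        # Without %%results%% the email carries no script output.
        set message "%%results%%"
    next
end

# Stitch: the script must run before the email so that
# %%results%% refers to the script's output.
config system automation-stitch
    edit "conserve-mode-report"
        set trigger "conserve-mode-trigger"
        config actions
            edit 1
                set action "conserve-mode-script"
                set required enable
            next
            edit 2
                set action "conserve-mode-email"
                set required enable
            next
        end
    next
end
```

The accprofile on the script action decides which commands the script is allowed to run, so a profile limited to the diagnostics actually needed is preferable to super_admin where one exists.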
