Nishtha_Baria
Article Id 349000
Description: This article describes how to use the automation-stitch functionality to send an alert e-mail every time an administrator changes the configuration, including the details of what was changed. If necessary, this helps an audit retrace the steps and roll back the settings.
Scope: FortiGate.
Solution

The stitch is triggered immediately: as soon as the administrator presses Apply in the GUI or enters end/next in the CLI, any change made is logged. The two relevant events are 'Attribute configured' (log ID 44546) and 'Object attribute configured' (log ID 44547), as shown in the GUI.

Log ID 32102 (LOG_ID_CHG_CONFIG), which is pre-configured as an Automation Stitch trigger, only reports that an administrator changed the configuration; it does not show which parameters or attributes changed. In addition, this log is only generated after the administrator logs out of the FortiGate.

Steps to configure this:

  1. Configure a trigger as shown below. Search for Event IDs '44546' and '44547'; both events will appear in the search results.

trigger.PNG

config system automation-trigger
    edit "Config_Changes"
        set event-type event-log
        set logid 44546 44547
    next
end

  2. Configure an Automation Action to send an e-mail when the above trigger fires.

action.PNG

config system automation-action
    edit "Config_Changed_Email"
        set description ''
        set action-type email
        set forticare-email disable
        set email-to "example@gmail.com"
        set email-from ''
        set email-subject "%%log.logdesc%%"
        set minimum-interval 0
        set message "%%log%%"
        set replacement-message disable
    next
end

  3. Configure an Automation Stitch using the trigger and automation action configured above.

stitch.PNG

config system automation-stitch
    edit "Config_Changed_with_details"
        set trigger "Config_Changes"
        config actions
            edit 1
                set action "Config_Changed_Email"
                set required enable
            next
        end
    next
end

Once the trigger fires, the following logs appear under 'System Events':

The first example is for 'Attribute configured' (44546) and the second for 'Object attribute configured' (44547):

log2.PNG

log.PNG

Select a log and choose Details for more information about the record:

44546.PNG

44547.PNG

date=2024-10-12 time=14:39:34 eventtime=1728769174898798965 tz="-0700" logid="0100044546" type="event" subtype="system" level="information" vd="root" logdesc="Attribute configured" user="admin" ui="GUI(172.30.184.52)" action="Edit" cfgtid=128123256 cfgpath="system.settings" cfgattr="gui-load-balance[disable->enable]" msg="Edit system.settings "
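The e-mail body produced by the action above is the raw log line (the %%log%% placeholder), so an auditor who wants to retrace or roll back a change has to read the key=value fields, in particular cfgpath, cfgobj and cfgattr="name[old->new]". The following Python script is an added example, not Fortinet's code or part of the original article: it parses such a line, filters on the two event IDs discussed above, summarizes who changed what, and derives the CLI commands that would restore the previous value. The first sample line is the 44546 record shown above; the second is a constructed 44547 record in the same format with made-up values. The mapping of cfgpath to "config a b" and of cfgobj to an "edit" entry is an assumption that holds for these samples; check the generated commands against the device's CLI reference before applying them.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input. The first line is the 44546 example from the
# article; the second is a constructed 44547 ("Object attribute configured")
# line in the same key=value format, with made-up values.
SAMPLE_LOGS: List[str] = [
    'date=2024-10-12 time=14:39:34 eventtime=1728769174898798965 tz="-0700" '
    'logid="0100044546" type="event" subtype="system" level="information" '
    'vd="root" logdesc="Attribute configured" user="admin" '
    'ui="GUI(172.30.184.52)" action="Edit" cfgtid=128123256 '
    'cfgpath="system.settings" cfgattr="gui-load-balance[disable->enable]" '
    'msg="Edit system.settings "',
    'date=2024-10-12 time=14:41:02 eventtime=1728769262000000000 tz="-0700" '
    'logid="0100044547" type="event" subtype="system" level="information" '
    'vd="root" logdesc="Object attribute configured" user="admin" '
    'ui="GUI(172.30.184.52)" action="Edit" cfgtid=128123257 '
    'cfgpath="firewall.address" cfgobj="Web_Server" '
    'cfgattr="subnet[10.0.0.5 255.255.255.255->10.0.0.6 255.255.255.255]" '
    'msg="Edit firewall.address Web_Server"',
]

# Event IDs from the article; they are the last five digits of the logid field.
ADMIN_CHANGE_EVENTS = {44546, 44547}

# key=value pairs: values are either double-quoted (may contain spaces) or bare.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# cfgattr format: attribute[old->new]; old may be empty when the value was newly set.
_CHANGE = re.compile(r'^(?P<attr>[^\[]+)\[(?P<old>.*?)->(?P<new>.*)\]$')


def parse_fortios_log(line: str) -> Dict[str, str]:
    """Split a FortiOS key=value log line into a dict; quoted values keep spaces."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in _KV.finditer(line)
    }


def event_id(record: Dict[str, str]) -> int:
    """Numeric event ID, e.g. '0100044546' -> 44546."""
    return int(record.get("logid", "0")[-5:])


def is_admin_change(record: Dict[str, str]) -> bool:
    return event_id(record) in ADMIN_CHANGE_EVENTS


def parse_cfgattr(cfgattr: str) -> Optional[Tuple[str, str, str]]:
    """Return (attribute, old, new) from 'attr[old->new]', or None if not a change."""
    m = _CHANGE.match(cfgattr)
    if not m:
        return None
    return m.group("attr"), m.group("old"), m.group("new")


def rollback_commands(record: Dict[str, str]) -> List[str]:
    """CLI lines that restore the previous value (assumed cfgpath/cfgobj mapping)."""
    change = parse_cfgattr(record.get("cfgattr", ""))
    path = record.get("cfgpath")
    if change is None or not path:
        return []
    attr, old, _new = change
    obj = record.get("cfgobj")
    lines = ["config " + path.replace(".", " ")]
    indent = "    "
    if obj:  # object attribute (44547): the change lives inside an edit entry
        lines.append(f'{indent}edit "{obj}"')
        indent += "    "
    # An empty old value means the attribute was unset before the change.
    lines.append(f"{indent}unset {attr}" if old == "" else f"{indent}set {attr} {old}")
    if obj:
        lines.append("    next")
    lines.append("end")
    return lines


def summarize(record: Dict[str, str]) -> str:
    """One audit line: when, who, from where, which setting, old -> new."""
    who = f'{record.get("user", "?")} via {record.get("ui", "?")}'
    when = f'{record.get("date", "?")} {record.get("time", "?")}'
    change = parse_cfgattr(record.get("cfgattr", ""))
    if change is None:
        return f'{when} {who}: {record.get("msg", "").strip()}'
    attr, old, new = change
    target = record.get("cfgpath", "?")
    if record.get("cfgobj"):
        target += f' "{record["cfgobj"]}"'
    return f'{when} {who}: {target} {attr}: {old!r} -> {new!r} (cfgtid {record.get("cfgtid")})'


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        rec = parse_fortios_log(line)
        if is_admin_change(rec):
            print(summarize(rec))
            print("\n".join(rollback_commands(rec)))
            print()
```

Feeding the e-mail body (or an exported System Events log) line by line through parse_fortios_log and keeping only records where is_admin_change is true gives an audit trail keyed by cfgtid; the summarize output is what a reviewer reads, and rollback_commands shows the reverse change for review.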