FortiGate
ycho
Staff
Article Id 215574
Description

This article describes how the behavior of the asterisk (*) in automation-trigger field values differs depending on the FortiOS version.

Scope

FortiOS 6.2, 6.4, 7.0.

Solution

Event log:

logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="xxxxx" user="admin" ui="ssh(x.x.x.x)" method="ssh" srcip=x.x.x.x dstip=x.x.x.x action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from ssh(x.x.x.x)"

Message ID: 32001

Message Description: LOG_ID_ADMIN_LOGIN_SUCC

Message Meaning: Admin login successful

Type: Event

Category: SYSTEM

Severity: Information

To fire an automation trigger only when a log field carries a specific message value, add a field filter to the automation-trigger settings as below:

config system automation-trigger
    edit "EVENTLOG"
        set event-type event-log
        set logid 32001
        config fields
            edit 1
                set name "msg"
                set value "Administrator *"
            next
        end
    next
end

The difference in asterisk behavior in FortiOS:

In FortiOS 6.4, 7.0 and higher versions:


set value "*admin*" <----- Triggered.

set value "Administrator*" <----- Triggered.

set value "logged" <----- Not triggered.

In FortiOS 6.2:

set value "*admin*" <----- Not triggered.

set value "Administrator*" <----- Not triggered.

set value "logged" <----- Not triggered.

Conclusion

In FortiOS 6.2, the configured value must match the overall field value. In version 6.4 and later, it is possible to trigger using an asterisk even if only a few words in the message value are known.
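
An offline model of the two behaviors reported above, for checking a candidate value against a captured log line before relying on the trigger for alerting. This is an added example, not Fortinet code: the function names and the masked sample line are constructed here, and it assumes matching is case-sensitive and that only the asterisk is special.

```python
import re

# Constructed sample: the admin-login event from this article, addresses masked.
SAMPLE_LOG = (
    'logid="0100032001" type="event" subtype="system" level="information" '
    'vd="root" logdesc="Admin login successful" user="admin" method="ssh" '
    'srcip=x.x.x.x dstip=x.x.x.x action="login" status="success" '
    'msg="Administrator admin logged in successfully from ssh(x.x.x.x)"'
)

_PAIR = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')


def parse_log(line):
    """Split a key=value log line into a dict; values may be quoted or bare."""
    return {key: quoted or bare for key, quoted, bare in _PAIR.findall(line)}


def field_matches(actual, value, wildcard):
    """Hypothetical model of the trigger's field filter (an assumption).

    wildcard=False: whole-value comparison, '*' is literal (6.2 as reported).
    wildcard=True:  '*' matches any run of characters and the rest of the
                    value must still cover the whole field (6.4 and later).
    """
    if not wildcard:
        return actual == value
    pattern = ".*".join(re.escape(part) for part in value.split("*"))
    return re.fullmatch(pattern, actual, re.DOTALL) is not None


def compare(line, name, values):
    """Return {value: (fires_on_6_2, fires_on_6_4_plus)} for one log field."""
    actual = parse_log(line).get(name)
    if actual is None:  # field absent from the log: nothing can fire
        return {v: (False, False) for v in values}
    return {v: (field_matches(actual, v, False), field_matches(actual, v, True))
            for v in values}


if __name__ == "__main__":
    full = parse_log(SAMPLE_LOG)["msg"]
    for value, (old, new) in compare(
            SAMPLE_LOG, "msg", ["*admin*", "Administrator*", "logged", full]).items():
        print(f"{value!r:70} 6.2={old!s:5} 6.4+={new}")
```

A value without an asterisk, such as "logged", fires on neither version in this model because it does not cover the whole msg field, which matches the results listed above.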
