Fortinet Community

This article describes the difference in Asterisk behavior in automation-trigger settings depending on the version.

Event log:

logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="xxxxx" user="admin" ui="ssh(x.x.x.x)" method="ssh" srcip=x.x.x.x dstip=x.x.x.x action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from ssh(x.x.x.x)"

Message ID: 32001

Message Description: LOG_ID_ADMIN_LOGIN_SUCC

Message Meaning: Admin login successful

Type: Event

Category: SYSTEM

Severity: Information

When required to set automation-trigger using specific message value in logs, it is possible to configure the automation-trigger settings as below:

# config system automation-trigger
    edit "EVENTLOG"
        set event-type event-log
        set logid 32001
        # config fields
            edit 1
                set name "msg"
                set value "Administrator *"

The difference in Asterisk behavior in FortiOS:

In FortiOS 6.4, 7.0 and higher version:

set value "*admin*" <----- Triggered.

set value "Administrator*" <----- Triggered.

set value "logged" <----- Not triggered.

In FortiOS 6.2 version:

set value "*admin*" <----- Not triggered.

set value "Administrator*" <----- Not triggered.

set value "logged" <----- Not triggered.

Conclusion.

In FortiOS 6.2, it should match the overall value, but in version 6.4 and later versions, it is possible to trigger using Asterisk even if only a few words in the message value are known