Description
This article describes how the asterisk (*) behaves in automation-trigger settings and how that behavior differs between FortiOS versions.
Scope
FortiOS 6.2, 6.4, 7.0.
Solution
Event log:
logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="xxxxx" user="admin" ui="ssh(x.x.x.x)" method="ssh" srcip=x.x.x.x dstip=x.x.x.x action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from ssh(x.x.x.x)"
Message ID: 32001
Message Description: LOG_ID_ADMIN_LOGIN_SUCC
Message Meaning: Admin login successful
Type: Event
Category: SYSTEM
Severity: Information
To fire an automation trigger on a specific message value in the logs, configure the automation-trigger settings as below:
# config system automation-trigger
The difference in asterisk behavior between FortiOS versions:
In FortiOS 6.4, 7.0 and higher versions:
set value "*admin*" <----- Triggered.
set value "Administrator*" <----- Triggered.
set value "logged" <----- Not triggered.
In FortiOS 6.2:
set value "*admin*" <----- Not triggered.
set value "Administrator*" <----- Not triggered.
set value "logged" <----- Not triggered.
Conclusion.
In FortiOS 6.2, the configured value must match the overall message value. In version 6.4 and later, an asterisk makes it possible to trigger even if only a few words of the message value are known.
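The following is an added example, not Fortinet code: a small model of the matching behavior summarized above, useful for checking candidate trigger values against a sample log line before deploying them. The function names are hypothetical, and the matching rules (case-sensitive, only `*` special, pattern anchored at both ends) are assumptions chosen to reproduce the results listed in this article.

```python
import re

# Event log line copied from the article (addresses already masked there).
SAMPLE_LOG = (
    'logid="0100032001" type="event" subtype="system" level="information" '
    'vd="root" logdesc="Admin login successful" sn="xxxxx" user="admin" '
    'ui="ssh(x.x.x.x)" method="ssh" srcip=x.x.x.x dstip=x.x.x.x action="login" '
    'status="success" reason="none" profile="super_admin" '
    'msg="Administrator admin logged in successfully from ssh(x.x.x.x)"'
)

_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_log(line):
    """Split a FortiOS key=value log line into a dict (quoted or bare values)."""
    return {key: quoted or bare for key, quoted, bare in _FIELD.findall(line)}


def would_trigger(value, field_text, fortios):
    """Model of the article's results (an assumption, not FortiOS source):
    6.2 needs the whole value; 6.4+ treats '*' as 'any run of characters'."""
    version = tuple(int(part) for part in fortios.split(".")[:2])
    if version < (6, 4):
        return value == field_text
    # Only '*' is special; everything else is matched literally, end to end.
    pattern = ".*".join(re.escape(chunk) for chunk in value.split("*"))
    return re.fullmatch(pattern, field_text, re.DOTALL) is not None


def check_values(values, log_line=SAMPLE_LOG, field="msg"):
    """Return {value: {version: bool}} for the versions the article covers."""
    text = parse_log(log_line)[field]
    return {v: {ver: would_trigger(v, text, ver) for ver in ("6.2", "6.4", "7.0")}
            for v in values}


if __name__ == "__main__":
    for value, result in check_values(["*admin*", "Administrator*", "logged"]).items():
        print(f"{value!r:20} {result}")
```

A value that should behave the same on every version covered here has to be the complete message text, which is the only case this model reports as triggering on 6.2.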
Copyright 2024 Fortinet, Inc. All Rights Reserved.