Description
This article describes how to create automation stitches that run a CLI script and send an email message when CPU usage exceeds a specified threshold.
Scope
FortiGate.
Solution
To define the CPU usage threshold:
config system global
set cpu-use-threshold <percent>
end
In the above, 'cpu-use-threshold' is the threshold at which CPU usage is reported, as a percentage of total possible CPU utilization (default = 90).
Create an automation action to run a CLI script:
For FortiOS v6.4 or earlier:
config system automation-action
edit "high_cpu_debug"
set action-type cli-script
set required enable
set script "
diagnose debug cli 8
get system performance status | grep 'CPU s\|^Average'
diagnose sys profile report
diagnose sys mpstat 1 5
diagnose sys top 1 5 5
"
next
end
For FortiOS v7.0 and above:
config system automation-action
edit "high_cpu_debug"
set action-type cli-script
set script "
diagnose debug cli 8
get system performance status | grep 'CPU s\|^Average'
diagnose sys profile report
diagnose sys mpstat 1 5
diagnose sys top 1 5 5
"
next
end
Place any CLI commands whose output should be collected during high CPU incidents between the quotation marks (" ").
Create an automation action to send an email:
For FortiOS v6.4 or earlier:
config system automation-action
edit "auto_high_cpu_email"
set action-type email
set email-to "person@fortinet.com"
set email-subject "CSF stitch alert: high_cpu"
set email-body "%%results%%"
next
end
For FortiOS v7.0 and above:
config system automation-action
edit "auto_high_cpu_email"
set action-type email
set email-to "person@fortinet.com"
set email-subject "CSF stitch alert: high_cpu"
set message "%%results%%"
next
end
Create an automation trigger:
config system automation-trigger
edit "auto_high_cpu"
set event-type high-cpu
next
end
Create an automation stitch:
For v7.0 and earlier:
config system automation-stitch
edit "auto_high_cpu"
set trigger "auto_high_cpu"
set action "high_cpu_debug" "auto_high_cpu_email"
next
end
For v7.2 and above:
config system automation-stitch
edit "auto_high_cpu"
set trigger "auto_high_cpu"
config actions
edit 1
set action "high_cpu_debug"
set required enable
next
edit 2
set action "auto_high_cpu_email"
set required enable
next
end
next
end
Once the CPU reaches the threshold, an email will be received.
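When the same stitch is rolled out to units on different FortiOS releases, the version-dependent syntax above can be generated instead of hand-edited. The following Python is an added example, not Fortinet code: the function name render_high_cpu_stitch and its input checks are assumptions, while the CLI lines it emits are the ones shown in this article.

```python
import re

# Diagnostic commands taken from the article's "high_cpu_debug" script.
DEBUG_SCRIPT = [
    "diagnose debug cli 8",
    r"get system performance status | grep 'CPU s\|^Average'",
    "diagnose sys profile report",
    "diagnose sys mpstat 1 5",
    "diagnose sys top 1 5 5",
]

def render_high_cpu_stitch(version, email_to, threshold=90):
    """Return the article's CLI for a FortiOS version such as '6.4', '7.0' or '7.2'."""
    ver = tuple(int(p) for p in version.lstrip("v").split(".")[:2])
    if len(ver) != 2:
        raise ValueError("version must be major.minor")
    # Reject quotes and whitespace so the address cannot break out of the quoted value.
    if not re.fullmatch(r"[^\s\"'@]+@[^\s\"'@]+", email_to):
        raise ValueError("unsafe or malformed email address")
    # Sanity bound for a percentage (assumption, not the range FortiOS enforces).
    if not 1 <= int(threshold) <= 100:
        raise ValueError("threshold must be a percentage")
    body_key = "message" if ver >= (7, 0) else "email-body"
    lines = ["config system global", f"set cpu-use-threshold {int(threshold)}", "end",
             "config system automation-action",
             'edit "high_cpu_debug"', "set action-type cli-script"]
    if ver < (7, 0):
        lines.append("set required enable")  # only in the v6.4-or-earlier form
    lines += ['set script "', *DEBUG_SCRIPT, '"', "next",
              'edit "auto_high_cpu_email"', "set action-type email",
              f'set email-to "{email_to}"',
              'set email-subject "CSF stitch alert: high_cpu"',
              f'set {body_key} "%%results%%"', "next", "end",
              "config system automation-trigger", 'edit "auto_high_cpu"',
              "set event-type high-cpu", "next", "end",
              "config system automation-stitch", 'edit "auto_high_cpu"',
              'set trigger "auto_high_cpu"']
    if ver >= (7, 2):  # v7.2 and above: one sub-entry per action
        lines.append("config actions")
        for i, name in enumerate(["high_cpu_debug", "auto_high_cpu_email"], 1):
            lines += [f"edit {i}", f'set action "{name}"', "set required enable", "next"]
        lines.append("end")
    else:  # v7.0 and earlier: actions listed on one line
        lines.append('set action "high_cpu_debug" "auto_high_cpu_email"')
    return "\n".join(lines + ["next", "end"])

if __name__ == "__main__":
    print(render_high_cpu_stitch("7.2", "person@fortinet.com"))
```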
From v7.2 and above, it is also possible to configure this from the GUI:
- In the left panel, go to Security Fabric -> Automation.
- Create the new 'Actions', one for the CLI script and another one for the Email notification.
- Create the new 'Trigger' for high CPU utilization.
- Create the new 'Stitch'.
Related article:
Technical Tip: Use FortiGate automation stitches for alert emails