FortiGate
Article Id 195103

Description

 

This article describes how to create an automation stitch that runs a CLI script and sends an email message when CPU usage exceeds a specified threshold.

 

Scope

 

FortiGate.

Solution


To define CPU and memory usage thresholds:

 

config system global
    set cpu-use-threshold <percent>
end

 

In the above, 'cpu-use-threshold' is the threshold at which CPU usage is reported, as a percentage of total possible CPU utilization (default = 90).

Create an automation action to run a CLI script:

 

For FortiOS v6.4 or earlier:

 

config system automation-action
    edit "high_cpu_debug"
        set action-type cli-script
        set required enable
        set script "
        diagnose debug cli 8

        get system performance status | grep 'CPU s\|^Average'
        diagnose sys profile report
        diagnose sys mpstat 1 5
        diagnose sys top 1 5 5
              "
    next
end

 

For FortiOS v7.0 and above:

 

config system automation-action
    edit "high_cpu_debug"
        set action-type cli-script
        set script "
        diagnose debug cli 8

        get system performance status | grep 'CPU s\|^Average'
        diagnose sys profile report
        diagnose sys mpstat 1 5
        diagnose sys top 1 5 5
              "
    next
end

 

Place any CLI commands whose output should be collected for high CPU incidents inside the quotation marks (" ").


Create an automation action to send an email:

 

For FortiOS v6.4 or earlier:

 

config system automation-action
    edit "auto_high_cpu_email"
        set action-type email
        set email-to "person@fortinet.com"
        set email-subject "CSF stitch alert: high_cpu"
        set email-body "%%results%%"
    next
end

 

For FortiOS v7.0 and above:

 

config system automation-action
    edit "auto_high_cpu_email"
        set action-type email
        set email-to "person@fortinet.com"
        set email-subject "CSF stitch alert: high_cpu"
        set message "%%results%%"
    next
end

 

Create an automation trigger:

 

config system automation-trigger
    edit "auto_high_cpu"
        set event-type high-cpu
    next
end

 

Create an automation stitch:

 

For v7.0 and earlier:

 

config system automation-stitch
    edit "auto_high_cpu"
        set trigger "auto_high_cpu"
        set action "high_cpu_debug" "auto_high_cpu_email"
    next
end

 

For v7.2 and above:

 

config system automation-stitch
    edit "auto_high_cpu"
        set trigger "auto_high_cpu"
        config actions
            edit 1
                set action "high_cpu_debug"
                set required enable
            next
            edit 2
                set action "auto_high_cpu_email"
                set required enable
            next
        end
    next
end

 

Once the CPU reaches the threshold, an email will be received.

 

From v7.2 and above, it is also possible to configure this from the GUI:

  • In the left panel, go to Security Fabric -> Automation:

 


 

  1. Create the new 'Actions', one for the CLI script and another one for the Email notification:

 


 

  2. Create the new 'Trigger' for high CPU utilization:

 


 

  3. Create the new 'Stitch':

 


 

To confirm the automation's functionality, execute a test by right-clicking on the automation stitch and choosing 'Test Automation Stitch'.

From v7.6.X the option to test an automation stitch is available when selecting the stitch.

 


 

Note: The email buffer limit is 192K characters. If the email's total character count exceeds this limit, the output may not be received or may be truncated. Reduce the commands in the automation CLI script so that only the important command output is collected. If the email is still not received, run the following debug commands to troubleshoot email alert issues:

 

diagnose debug reset
diagnose debug disable
diagnose debug console timestamp enable
diagnose debug application alertmail -1

diagnose debug enable 

diagnose log alertmail test
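
For the receiving side, the following added example (not part of the original article or of any Fortinet tooling) triages the body of a high-CPU stitch email: it reads the aggregate 'CPU states:' line kept by the script's grep, compares busy CPU against 'cpu-use-threshold', and flags a body at or above the email buffer limit. The function name, the sample body and the reading of 192K as 192,000 characters are assumptions.

```python
import re

# The page gives the limit as "192K characters"; reading K as 1000 is an assumption.
EMAIL_BUFFER_CHARS = 192 * 1000
STATE_RE = re.compile(r"(\d+)% (user|system|nice|idle|iowait|irq|softirq)")

# Constructed sample of what the script's grep 'CPU s\|^Average' keeps. The line
# layout is assumed from typical FortiOS output; the numbers are made up.
SAMPLE_BODY = (
    "CPU states: 12% user 5% system 0% nice 4% idle 0% iowait 9% irq 70% softirq\n"
    "Average network usage: 912345 / 887210 kbps in 1 minute\n"
)


def triage(body, cpu_use_threshold=90, buffer_chars=EMAIL_BUFFER_CHARS):
    """Summarise the aggregate 'CPU states:' line found in a stitch email body."""
    result = {"parsed": False, "possibly_truncated": len(body) >= buffer_chars}
    line = next((l for l in body.splitlines() if "CPU states:" in l), None)
    if line is None:
        return result  # grep matched nothing, or the mail was cut before this line
    states = {name: int(pct) for pct, name in STATE_RE.findall(line)}
    if "idle" not in states:
        return result  # line present but incomplete
    busy = 100 - states["idle"]
    # The largest non-idle share shows where the time goes (user, system, softirq ...).
    dominant = max((n for n in states if n != "idle"), key=states.get, default=None)
    result.update(
        parsed=True,
        busy_percent=busy,
        over_threshold=busy >= cpu_use_threshold,
        dominant_state=dominant,
    )
    return result


if __name__ == "__main__":
    print(triage(SAMPLE_BODY))
```
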

 

Related articles:

Technical Tip: Use FortiGate automation stitches for alert emails

Troubleshooting Tip: Email alert

Technical Tip: Send mail failed due to ‘buffer is full’ when trying to authenticate FortiToken Mobil...

CLI script action - FortiGate 7.6.3 administration guide