FortiGate
pciurea
Staff
Article Id 197442

Description


This article describes how to filter automation stitch triggers for FortiGate events based on log parameters.

 

Scope

 

FortiGate.

Solution


As some of the events that trigger an automation stitch can cause excessive or unwanted messages or actions, the CLI filtering option can help mitigate this issue.

Create an automation stitch that triggers an email to be sent, based on a FortiOS event:

  • Go to Security Fabric -> Automation and select 'Create New'.
  • Enter a Name and choose the Triggering event, in this case FortiOS Event Log.
  • Choose the Email action and configure the email details: Recipients (TO), subject and body.

In this case, the 'Virtual WAN Link status' log event has been chosen as the triggering event.

The Event ID is shown by hovering the mouse over the selected event, in this case 22923.

As the event parameters can be easily seen in the generated log, go to Log & Report -> Events and filter the logs by Log ID (in this case 22923).
This type of event can be triggered by multiple factors, as seen in the Message column.

Use filters to trigger the stitch only for the important logs. Example: level is warning.
 
config system automation-trigger
    edit "SDWAN"
        set event-type event-log
        set logid 22923
        config fields
            edit 1
                set name "level"
                set value "warning"
            next
        end
    next
end
 
Note:
For the filter option, 'Name' needs to match a field of the log (for example Level, User, Message, etc.), and 'Value' needs to match the value that field carries in the log details.
 
Important:
This will trigger the stitch only when the level IS warning (it will not trigger if the level is lower or higher than warning; it is necessary to configure a separate stitch for each level).
Also, if multiple filter 'fields' are configured, the stitch is triggered only if ALL filters match.
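The following Python script is an added illustration, not code from the article or from Fortinet: it models the trigger semantics described above (exact match per field, all fields ANDed, no "warning or higher" ordering) against constructed key=value event log lines, and renders the CLI block for one trigger so that one block can be generated per level. The sample log lines and the assumption that the 5-digit Event ID is the tail of the full logid field are constructed for this example.

```python
import re

# Constructed FortiOS-style event log lines for illustration (not real device output).
SAMPLE_LOGS = [
    'date=2024-01-01 time=10:00:00 logid="0100022923" type="event" subtype="system" '
    'level="warning" msg="Virtual WAN Link status" interface="wan1" status="down"',
    'date=2024-01-01 time=10:00:05 logid="0100022923" type="event" subtype="system" '
    'level="notice" msg="Virtual WAN Link status" interface="wan1" status="up"',
    'date=2024-01-01 time=10:00:09 logid="0100022923" type="event" subtype="system" '
    'level="error" msg="Virtual WAN Link status" interface="wan2" status="down"',
    'date=2024-01-01 time=10:01:00 logid="0100032001" type="event" subtype="system" '
    'level="warning" msg="Admin login"',
]

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log(line):
    """Split one key=value log line into a dict, stripping the quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def trigger_matches(log, logid, fields):
    """Model the stitch trigger: the log ID must match, and EVERY configured field
    must equal the log's value exactly. There is no 'warning or higher' ordering,
    so level="error" does not satisfy value "warning"."""
    # Assumption: the 5-digit Event ID in the trigger is the tail of the full logid.
    if not log.get("logid", "").endswith(f"{logid:05d}"):
        return False
    return all(log.get(name) == value for name, value in fields.items())


def matching_indices(lines, logid, fields):
    """Return the indices of the sample lines that would fire the trigger."""
    return [i for i, line in enumerate(lines)
            if trigger_matches(parse_log(line), logid, fields)]


def trigger_cli(name, logid, fields):
    """Render the CLI block for one trigger; call once per level you want to cover."""
    out = ["config system automation-trigger", f'    edit "{name}"',
           "        set event-type event-log", f"        set logid {logid}",
           "        config fields"]
    for i, (field, value) in enumerate(fields.items(), start=1):
        out += [f"            edit {i}", f'                set name "{field}"',
                f'                set value "{value}"', "            next"]
    out += ["        end", "    next", "end"]
    return "\n".join(out)
```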
 
Starting with FortiOS 7.0, automation stitch filters can also be configured in the GUI, as described in the following document:
FortiOS event log trigger