FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
samandeep
Staff
Staff
Article Id 329913
Description

This article describes how to configure the automation stitch before the unit goes into Conserve Mode.

Scope FortiGate 7.x.x.
Solution

It can be achieved by using FortiOS Event logs as an automation trigger.

 

Generally, FortiGate goes into conserve mode when the memory reaches 82 (green) based on default settings.

 

config system global

    set memory-use-threshold-extreme 95

    set memory-use-threshold-green 82

    set memory-use-threshold-red 88

end

 

To achieve this, use FortiOS Event logs as an 'automation trigger' and set the 'Memory' based on the earliest convenience.

 

samandeep_0-1722548559837.png

 

Ensure the use of the correct syntax (Case-sensitive) information in the field filter and the value would be a percentage.

 

samandeep_1-1722548559839.png

 

 

That means that when the memory reaches 80%, the Administrator gets an email notification and then can prepare for gathering the CPU or memory debugs when the unit goes into conserve mode.

 

To get more flexibility in terms of setting range (greater than and less than), recommend using the FortiAnalyzer event handler.

 

Once the Admin gets an email alert below logs would be helpful to provide to TAC:

 

Run the commands below to gather all the relevant logs needed:

 

get system status

get system performance status     <----- Run this command 5 times in intervals of 1 minute.

diagnose sys top 2 40             <-----Let this command run for 1 minute, then stop it via ctrl+c.
diagnose sys top-mem              
<----- Let this command run for 1 minute, then stop it via ctrl+c.
diagnose hard sysinfo memory
diagnose hard sysinfo slab
diagnose hard sysinfo shm
diagnose hard sysinfo conserve
diagnose debug crashlog read     
        

 

 

Related document:

Consolidate Event Handlers for FortiGate System Events