Technical Tip: How FortiGate Trigger Automation-stitch with Multiple Events

In automation-stitch, the user can set multiple events by event log_id.

For example, if the trigger set event log_id 20202 (disk partitioning or format error) and log_id 20212(disk scan needed), the admin will receive the alert email when either event occurs or both events occur at the same time.

In CLI:

config system automation-trigger

    edit "Disk monitor"

        set description "Monitor Disk"

        set event-type event-log

        set logid 20202 20212

        config fields

            edit 1

                set name "msg"

                set value "*Disk"

            next

        end

    next

end

config system automation-action

    edit "Email"

        set description "Sending an email on the log event."

        set action-type email

        set email-to "xyz@example.xom"

        set email-subject "Disk monitor"

        set message "Disk format error or scan needed"

    next

end

config system automation-stitch

    edit "Disk-monitor"

        set description "disk-monitor"

        set trigger "Disk monitor"

        config actions

            edit 1

                set action "Email"

                set required enable

            next

        end

    next

end

The FortiGate will trigger the automation-stitch action when either of the events occurs, so the logic is ‘or’ instead of ‘and’.