FortiGate # diag test app autod 01. Enable/disable log dumping2. Show automation settings.3. Show automation statistics.4. Show plugin statistics.5. Show running stitches.
These are the available options for this process, and they can provide valuable information about why the automation stitch failed to work.For example, we can see which automation is active:
FortiGate # diag test app autod 2csf: disabled root:noversion:0 sync time:total stitches activated: 1stitch: backupdestinations: alltrigger: backuplocal hit: 0 relayed to: 0 relayed from: 0actions:backup type:cli-script interval:0delay:0 required:yesscript:execute backup config ftp /Backup/backup.cfg 192.168.1.253 testuser testpassword
Or it is posible to see if the statistics for this process:
FortiGate # diag test app autod 4action plugin stats:email:flags:1stats: total:0 cur:0 done:0 drop:0ios-notification:flags:1stats: total:172 cur:0 done:172 drop:0alert:flags:0stats: total:0 cur:0 done:0 drop:0
Most importantly, to troubleshoot the automation stitch process, it is necessary to stop all running scripts, reset any debug that may be running, then enable log dumping and cli debug for automation stitch.This is writing to console the commands taken once the automation stitch is triggered.
FortiGate # exec auto-script stopallNo script is running.FortiGate # diag debug resetFortiGate # diag test app autod 1autod log dumping is enabledFortiGate # diag debug cli 7Debug messages will be on for 30 minutes.FortiGate # diag debug enable
Now, it is possible trigger the automation in the CLI as follows (or GUI: select the automation to test -> Test Automation Stitch).The command line will reveal the 'behind the scenes' actions leading to the problem experienced.For example, in this case it shows a connectivity failure (because indeed, no such IP exists on this test network):
FortiGate # exec auto-script start backup <----- In this case, the name of the script is 'backup'.FortiGate # auto_stitch_stats()-103: Request stitch(all) statistics0: config system auto-script0: edit "autod.0"0: set script "execute backup config ftp /Backup/backup.cfg 192.168.1.253 testuser testpassword"0: end__action_cli_script_open()-182: cli script action:backup is called. svc ctx:0x6142378accprof:super_admin script:execute backup config ftp /Backup/backup.cfg 192.168.1.253 testuser testpassword5: execute backup config ftp /Backup/backup.cfg 192.168.1.253 testuser testpassword__cli_script_close()-122: cli script:autod.0output:########## script name: autod.0 ##########========== #1, 2021-10-25 14:32:02 ==========FortiGate $ execute backup config ftp /Backup/backup.cfg 192.168.1.253 testuser testpasswordPlease wait...Connect to ftp server 192.168.1.253 ...Send config file to ftp server via vdom root failed.Command fail. Return code 5Related articles.__action_cli_script_close()-209: cli script action is done.
https://docs.fortinet.com/document/fortigate/7.0.1/administration-guide/139441/automation-stitches
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/139441/automation-stitchesRelated Articles
Technical Tip: Programming a daily restart (reboot)
Technical Tip: Use FortiGate automation stitches for alert emails
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.