If any of the SD-WAN Link SLA statuses get changed, it will show the respective Message log in the System Events -> SD-WAN Events.

Configure automation action via GUI under Security Fabric -> Automation -> Action, select 'Create New' -> Email, and make sure the alertmail configuration is working correctly.

Configure the automation trigger via GUI under Security Fabric -> Automation -> Trigger, select 'Create New' -> FortiOS Event Log, select 'Event', filter the events to SD-WAN, and then enable the required event logs from the available SD-WAN event logs. The minimum required would be SD-WAN status information and SD-WAN status. 

In the Field filter(s) -> Field name -> 'msg'.

In the Value section, add the Message that is visible in the SD-WAN Event logs.

For example: 

Member status changed. Member out-of-sla. 

Or:

Member status changed. Member in SLA.

Now, if any of the SD-WAN SLA status goes down, the log will be generated with the configured message (Member status changed. Member out-of-sla.), and the email will be triggered.

• Use the CLI to configure an automation trigger for SD-WAN SLA events:

config system automation-trigger
    edit "sdwan-sla-events"
        set event-type event-log
        set logid 22925 22931 22933 22934
    next
end

Note:

Log ID 22933 is for 'SD-WAN SLA notification' when the interface status changes from down to up.

Log ID 22931 is used for up to down status change

• Use the following commands to debug and ensure that alert emails are being sent successfully:

diagnose debug disable
diagnose debug reset
diagnose debug application alertmail -1
diagnose debug console