FortiGate.

When an automation-stitch is configured to trigger on an event log, in the GUI, the test option is greyed out and not able to be used.

For example, the following stitch is configured to trigger on interface status changes:

config system automation-trigger
    edit "interface"
        set event-type event-log

        set logid 20099 <----- Log ID for interface status changes.

    next

end

config system automation-action
    edit "Email Notification"
        set description "Send a custom email to the specified recipient(s)."
        set action-type email
        set email-subject "%%log.logdesc%%"
    next
end

config system automation-stitch
    edit "interface"                
        set trigger "interface"                <-- Trigger name.

            config actions 

                edit 1 

                    set action "Email Notification"

                    set required enable

                next 

            end

    next

end

To test the automation-stitch, use the following CLI command:

diagnose automation test[stitch name] [log]

For this test, it is also necessary to add a text log example to the end of the command to test if the stitch truly triggers, for example:

diagnose automation test interface "date=2022-05-24 time=12:29:26 eventtime=1653388166478984429 tz=\"+0200\" logid=\"0100020099\" type=\"event\" subtype=\"system\" level=\"warning\" vd=\"root\" logdesc=\"Interface status changed\" action=\"interface-stat-change\" status=\"UP\" msg=\"Link monitor: Interface dmz was turned up\" "

Results:

automation test is done. stitch:interface

Note: If 'field filter' is configured in automation trigger, make sure the filter matches 'log field name', as the stitch will otherwise not be triggered. For more information, refer to FortiOS event log trigger.