One of the common use cases of Automation Stitches in FortiGate is to be alerted via email when a specific log is generated by FortiGate. It is possible to use any log as a trigger (by including the logid) and even use the log field to be able to match a specific value within the log to trigger an automation stitch. See this article for more information.

To find the log field name, data type and description, 'FortiOS Log Message Reference' can be used and, if the logid is already known, the detail of the log field can be found by using this URL:

https://docs.fortinet.com/document/fortigate/<FortiOS version>/fortios-log-message-reference/<logid> <- The FortiOS version and logID need to be replaced with the correct values.

For example, to find log fields for logid 40704 for a FortiGate running FortiOS version 7.2.8, see this documentation.

It is possible to use specific log fields in email subject and body of the Email notification. To do so the parameter %%log.logfield%% is used. For example if administrator wants the FortiGate name to be included in the Email subject, they can use value %%log.name%% as subject (considering 'name' is a valid log field in the log). This is useful in scenarios where the same automation stitch has been configured on multiple FortiGates and having identifiers in the Email subject makes it easier to differentiate between different devices without having to go through the Email content itself.