| Scope |
It is possible to take advantage of any generated log at FortiOS such as Event Logs, SD-WAN logs, WiFi Events, General System Events, etc. to send a webhook to Teams.
|
| Solution |
On Teams:
- Open Workflows in the Teams Channel chosen.
-
Select 'Post card to channel in Microsoft Teams when webhook request is received', and name it as needed.
-
Select Teams and Teams Channel and add workflow.
-
Copy and save the generated URL for later use.
On FortiGate:
-
In this example, it is used an SD-WAN health check log: 'Member status changed. Member out-of-sla'. As the notification trigger.
Go to Security Fabric -> Automation -> Stitch -> Create New:
Select Add Trigger, create FortiOS Event Log.
-
Input Name and select Event: 'SDWAN status', fill in the Field filter with: 'msg' and value: 'Member status changed. Member out-of-sla.' then click OK:
-
Select Add Action, create, and select 'Webhook':
-
Name it and:
Paste the previously saved URL.
Hint: remove the ':443' text from the domain.
Select protocol: HTTPS.
-
Next, in the HTTP body field paste the following JSON Code, and select OK:
{
"type":"message",
"attachments":[
{
"contentType":"application/vnd.microsoft.card.adaptive",
"contentUrl":null,
"content":{
"$schema":"http://adaptivecards.io/schemas/adaptive-card.json",
"type":"AdaptiveCard",
"version":"1.2",
"body":[
{
"type": "TextBlock",
"text": '**%%devname%%** has reported: '
},
{
"type": "TextBlock",
"text": '**%%logdesc%%**'
},
{
"type": "TextBlock",
"text": '%%msg%%'
},
{
"type": "TextBlock",
"text": 'HealthCheck is: **%%healthcheck%%** ',
"wrap": true
},
{
"type": "TextBlock",
"text": 'Member ID is: **%%member%%** ',
"wrap": true
},
{
"type": "TextBlock",
"text": 'SLA Target ID is: **%%slatargetid%%** ',
"wrap": true
}
]
}
}
]
-
The stitch should look like this, select OK:
-
Finally, SLA change notifications are received in the Teams Channel:
|
