Created on 04-04-2022 10:32 PM Edited on 11-27-2024 11:58 PM By Jean-Philippe_P
Description | This article describes why some automation stitches cannot be tested from the GUI, where the 'Test Automation Stitch' button is greyed out. |
Scope | FortiGate. |
Solution |
FortiGate can be configured with automation stitches, which automate the activities between the different components in the Security Fabric and decrease the response times to security events.
Events from any source in the Security Fabric can be monitored, and action responses can be set up to any destination.
An automation stitch consists of two parts, the trigger and the actions. The trigger is the condition or event on the FortiGate that activates the action, for example, a specific log, or a failed log-in attempt.
The action is what FortiGate does in response to the trigger.
'Test Automation Stitch' is an option on FortiGate to test the new automation stitches created on FortiGates as shown below:
Sometimes, depending on the trigger or condition of the automation stitch, it could show 'Test Automation Stitch' greyed out as shown below:
When FortiOS Event Log is selected as the trigger, the 'Test Automation Stitch' button will be greyed out and the automation stitch test from the CLI will also fail as shown below:
diagnose automation test test_event_log3
This is expected behavior, as the automation stitch needs the actual log to be passed in addition to the stitch name.
If no log is included in the command, the test fails, which is why the button is greyed out in the GUI.
The only way to test the event log trigger in the automation stitch is to use the CLI and supply the actual log to the FortiGate as shown below:
diagnose automation test test_event_log3 "logid=\"0100032001\" type=\"event\" subtype=\"system\" level=\"information\" vd=\"root\" eventtime=1555443953642472388 logdesc=\"Admin login successful\" sn=\"1555443953\" user=\"admin\" ui=\"telnet(10.10.78.78)\" method=\"telnet\" srcip=10.10.78.78 dstip=10.10.78.12 action=\"login\" status=\"success\" reason=\"none\" profile=\"super_admin\" msg=\"Administrator admin logged in successfully from telnet(10.10.78.78)\""
automation test is done. stitch:test_event_log3
For example, an actual log can easily be supplied as follows (the log entry first, then the command that supplies it):
date=2023-08-24 time=13:23:36 eventtime=1692858215320659380 tz="+0700" logid="0100022109" type="event" subtype="system" level="warning" vd="root" logdesc="Temperature too high" action="ipmc-sensor-monitor" status="failure" msg="TMP 4 Temperature temperature is too high: 40000.00 (75.0 celsius degree)"
diagnose log test-text "0100022109" "warning" "logdesc=\"Temperature too high\" action=\"ipmc-sensor-monitor\" status=\"failure\" msg=\"TMP 4 Temperature temperature is too high: 40000.00 (75.0 celsius degree)\""
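The following added example (not Fortinet code and not part of the original article) turns a raw log line into the two quoted command forms shown above, so the escaping is done the same way every time. The function names are hypothetical; the set of header fields left out of the test-text argument is taken from the one example on this page, the stitch-name character set is a conservative assumption, and values containing backslashes are rejected because the article only shows quote escaping.

```python
import re

# One key=value pair: the value is a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"\\\n]*)"|([^\s"\\]+))(?: +|$)')
# Fields the article's test-text example leaves out of the third argument.
HEADER = {"date", "time", "eventtime", "tz", "logid", "type", "subtype", "level", "vd"}
STITCH_RE = re.compile(r"[\w.-]+")  # assumption: conservative stitch-name charset


def parse_log(raw):
    """Return ordered (key, value, was_quoted) tuples; reject any unparsed text."""
    fields, pos, raw = [], 0, raw.strip()
    while pos < len(raw):
        m = FIELD_RE.match(raw, pos)
        if m is None:
            raise ValueError(f"unparseable log text at offset {pos}")
        quoted = m.group(2) is not None
        fields.append((m.group(1), m.group(2) if quoted else m.group(3), quoted))
        pos = m.end()
    return fields


def _render(fields):
    # Quoted values get backslash-escaped quotes, the form the article shows.
    return " ".join(f'{k}=\\"{v}\\"' if q else f"{k}={v}" for k, v, q in fields)


def stitch_test_command(stitch, raw):
    """Build: diagnose automation test <stitch> "<escaped log>" (all fields kept)."""
    if not STITCH_RE.fullmatch(stitch):
        raise ValueError("unexpected characters in stitch name")
    return f'diagnose automation test {stitch} "{_render(parse_log(raw))}"'


def log_test_text_command(raw):
    """Build: diagnose log test-text "<logid>" "<level>" "<remaining fields>"."""
    fields = parse_log(raw)
    head = {k: v for k, v, _ in fields}
    body = [f for f in fields if f[0] not in HEADER]
    return f'diagnose log test-text "{head["logid"]}" "{head["level"]}" "{_render(body)}"'
```

Review the generated command before pasting it into the FortiGate CLI; a log line that does not parse cleanly raises ValueError instead of producing a partial command.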
Below are the other triggers for which the 'Test Automation Stitch' button is available in the GUI and which do not need a FortiAnalyzer connection:
|