|
- Use Wildcard (*) to match sub-string in field’s value.
- It can be used to match a string of field of any log.
- Example: This example shows how to catch the 'Down BGP Notification' string in field "msg" when log of BGP is generated.
Log:
Field: msg
Value: "BGP: %BGP-5-ADJCHANGE: VRF 0 neighbor 192.168.10.2 Down BGP Notification FSM-ERR
date=2022-01-22 time=14:14:06 eventtime=1642889646347816623 tz="-0800" logid="0103020300" type="event" subtype="router" level="warning" vd="root" logdesc="BGP neighbor status changed" msg="BGP: %BGP-5-ADJCHANGE: VRF 0 neighbor 192.168.10.2 Down BGP Notification FSM-ERR
Syntax:
# config systemautomation-trigger
edit "trigger name>
set event-type event-log
set logid <log id> <----- Select the event ID.
# config field
edit 1
set name "msg" <----- Fields of the log message.
set value "*Down BGP Notification*" <----- String of the 'msg' field with * to match the sub-string.
next
end
next
end
Configuration:
# config system automation-stitc
edit "bgp down neighbor"
set trigger "bgP_neighbor_down"
# config action
edit 1
set action "fortigate_email"
set required enable
next
end
next
end
# config systemautomation-trigger
edit "bgP_neighbor_down"
set event-type event-log
set logid 20300 <----- Select the event id which is for BGP neighbor status changed.
# config field
edit 1
set name "msg" <----- Fields of the log message.
set value "*Down BGP Notification*" <----- String of the msg fields along with * to match the string.
next
end
next
end
HQ # show system automation-action fortigate_email
# config system automation-actio
edit "fortigate_email"
set action-type email
set email-to "xyz@yahoo.com"
set email-subject "login_failed"
next
end
|
