FortiGate
nevan
Article Id 394134
Description This article describes how admins can use an automation stitch to collect the necessary reports when the unit is in conserve mode.
Scope FortiOS
Solution

While conserve mode is in effect, users cannot log in to the unit, which makes it impossible to collect reports in real time for incidents with the unit (e.g., high process, high memory, performance statistics, etc.). To capture this information, the best practice is to set up an automation stitch that collects the logs and sends them by email to the administrator.

 

CLI:

 

config system automation-action
    edit "Report_Collection"
        set action-type cli-script
        set script "diagnose sys top 1 20
get sys status
get sys performance status
diagnose debug crashlog read
diagnose sys process sock-mem
diagnose hardware sysinfo memory
diagnose hardware sysinfo interrupts
diagnose sys top-mem
diagnose netlink interface packet-rate
diagnose sys mpstat 3 5"
    next

    edit "Email Notification"
        set description "Send a custom email to the specified recipient(s)."
        set action-type email
        set email-to "email@example.com"
        set email-subject "%%report.collection.in.high.memory%%"
    next
end

config system automation-trigger
    edit "high_memory_trigger"
        set event-type low-memory
    next
end

config system automation-stitch
    edit "auto-stitch"
        set trigger "high_memory_trigger"
        config actions
            edit 1
                set action "Email Notification"
                set required enable
            next
            edit 2
                set action "Report_Collection"
                set delay 5
                set required enable
            next
        end
    next
end

 

GUI:

To configure the automation action, set it up under Security Fabric -> Automation -> Action -> Edit or Create New.



To configure the automation trigger, set it from Security Fabric -> Automation -> Trigger -> Edit or Create New.

 


 

Lastly, to create the stitch, go to Security Fabric -> Automation -> Stitch -> Edit or Create New.

 


 

Any additional CLI commands can be added to the script of the 'Report_Collection' action. The 'email-to' option in 'Email Notification' sets the recipient that the report is emailed to. The trigger 'high_memory_trigger' is set to the conserve mode event, but other events can also be used. The automation stitch ties the trigger to the actions. A 5 second delay has been added to the 'Report_Collection' action, which is adjustable.
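The CLI configuration above is three sections that refer to each other by name, and the script is a multi-line quoted value. As an added example (not part of the original article and not a Fortinet tool), this Python check reads such a configuration as text before it is pasted into the unit and reports an unclosed quote or a stitch that names an undefined action or trigger. The function name, the sample and the rule that a script holds no bare 'next' line are assumptions.

```python
import re
QUOTE = re.compile(r'(?<!\\)"')  # an unescaped double quote

def check_automation(cfg):
    """Return a list of problems found in FortiOS automation config text."""
    problems, refs, open_at, section = [], [], None, None
    defined = {"action": set(), "trigger": set()}
    for n, raw in enumerate(cfg.splitlines() + ["next"], 1):  # sentinel flushes an open quote
        line = raw.strip()
        odd = len(QUOTE.findall(line)) % 2 == 1
        if open_at and line != "next":  # inside a multi-line quoted value
            open_at = None if odd else open_at
            continue
        if open_at:  # assumption: a script never contains a bare "next" line
            problems.append(f"line {open_at}: quoted value is never closed")
            open_at = None
        if line.startswith("config ") and line != "config actions":
            section = line.split("automation-")[-1]
        elif line.startswith("edit ") and section in defined:
            defined[section].add(line[5:].strip('"'))
        elif section == "stitch" and (m := re.match(r'set (trigger|action) "(.+)"$', line)):
            refs.append((m.group(1), m.group(2), n))
        elif odd:
            open_at = n
    problems += [f"line {n}: stitch references undefined {kind} '{name}'"
                 for kind, name, n in refs if name not in defined[kind]]
    return problems

# Constructed sample with two defects: an unclosed script quote and a misspelled action name.
SAMPLE = '''config system automation-action
    edit "Report_Collection"
        set script "diagnose sys top 1 20
get sys performance status
    next
end
config system automation-trigger
    edit "high_memory_trigger"
    next
end
config system automation-stitch
    edit "auto-stitch"
        set trigger "high_memory_trigger"
        config actions
            edit 1
                set action "Report Collection"
            next
        end
    next
end'''
```

Calling `check_automation(SAMPLE)` returns one message per defect, each with the line number where it starts.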

 
