FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
ebilcari
Staff
Article Id 379052
Description

 

This article describes how to create and use a custom script in FortiNAC and how to send customizable information to a Syslog server.
In this example, a simple use case is shown that checks the licenses. The script can be customized for different verification mechanisms.

 

Scope

 

FortiNAC.

 

Solution

 

The scripts in FortiNAC are located in the '/home/cm/scripts' directory and can be reached after entering the shell.

 

execute enter-shell

cd /home/cm/scripts

touch CheckAndSendSyslog.sh

chmod +x CheckAndSendSyslog.sh

vi -N CheckAndSendSyslog.sh

 

The content of the script can be pasted into the editor and then saved (:wq). This is an example of a Bash script:

 

 

#!/bin/bash
########################  CheckAndSendSyslog.sh ##################
# Check the license count and send a syslog to an external server
##################################################################

## Set Base Directory and define settings
BASEDIR="/home/cm/scripts"
FullInfo="$BASEDIR/FullInfo.txt"
Warning=500
Critical=100
Server=10.1.1.10
Port=6514

###############################################################
## Find the license information and save the output in a file

RunClient DumpLicenseCount -count -concurrent > "$FullInfo"

###############################################################
## Parse data to find license usage

# Extract used and max values correctly
used=$(grep "Concurrent Licenses Used  =" "$FullInfo" | awk -F'=' '{print $2}' | awk -F',' '{print $1}' | tr -d ' ')
max=$(grep "Concurrent Licenses Used  =" "$FullInfo" | awk -F'Max =' '{print $2}' | tr -d ' ')

# Ensure variables are numbers
used=$((used))
max=$((max))

# Calculate difference
difference=$((max - used))

# Determine status
if (( difference < Critical )); then
    status="CRITICAL: Very few licenses left!"
elif (( difference < Warning )); then
    status="WARNING: Running low on licenses!"
else
    status="OK: License count is sufficient."
fi

# Print results
echo "License Status: Used: $used, Available: $difference, $status"

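# Send the message to the syslog server.
# nc sends it as plain TCP; 6514 is the registered syslog-over-TLS port,
# so the receiver must accept unencrypted TCP on the port configured above.
echo "License Status: Used: $used, Available: $difference, $status" | nc "$Server" "$Port"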

# Clean up
rm -f "$FullInfo"

 

 

The script can be configured to run as a scheduled task or as a response to an Event Mapping:

[Image: Schedule-task.PNG]

Depending on the license usage, the message received by the Syslog server should look like this:

 

2025-02-26 12:50:34 Local7.Debug 10.1.2.71 License Status: Used: 5, Available: 99995, OK: License count is sufficient.
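
In the script above, an empty or unexpected result from the license query becomes used=0 and max=0 after the arithmetic step, which is then reported as CRITICAL. The following added example (not part of the original article or of FortiNAC) validates the parsed values first; the sample input line is constructed from the grep patterns in the script, and the UNKNOWN message and the function names are assumptions of this example.

```shell
#!/bin/bash
# Thresholds copied from the article's script.
Warning=500
Critical=100

# Constructed sample line: layout inferred from the grep/awk patterns in the
# article's script, not captured from a real RunClient run.
SAMPLE='Concurrent Licenses Used  = 5, Max = 100000'

# parse_counts TEXT: print "used max"; return 1 if the line is absent or malformed.
parse_counts() {
    printf '%s\n' "$1" | awk '
        /Concurrent Licenses Used/ {
            if (match($0, /Used *= *[0-9]+ *,/)) {
                u = substr($0, RSTART, RLENGTH); gsub(/[^0-9]/, "", u)
            }
            if (match($0, /Max *= *[0-9]+[ \t\r]*$/)) {
                m = substr($0, RSTART, RLENGTH); gsub(/[^0-9]/, "", m)
            }
            if (u != "" && m != "") { print u + 0, m + 0; found = 1 }
            exit
        }
        END { exit(found ? 0 : 1) }'
}

# license_status USED MAX: print the message body in the article's format.
license_status() {
    difference=$(( $2 - $1 ))
    if [ "$difference" -lt "$Critical" ]; then
        status="CRITICAL: Very few licenses left!"
    elif [ "$difference" -lt "$Warning" ]; then
        status="WARNING: Running low on licenses!"
    else
        status="OK: License count is sufficient."
    fi
    printf 'License Status: Used: %s, Available: %s, %s\n' "$1" "$difference" "$status"
}

# build_message TEXT: status line, or an UNKNOWN line (wording is this example's
# own) so that a failed query is not reported as a license shortage.
build_message() {
    if counts=$(parse_counts "$1"); then
        set -- $counts            # split "used max" into $1 and $2
        license_status "$1" "$2"
    else
        printf 'License Status: UNKNOWN: could not parse license output\n'
        return 1
    fi
}

build_message "$SAMPLE"
```

In the real script, the argument to build_message would be the captured output of the RunClient command, and its output would be piped to nc as before.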

 

Note:

A license notification is already built into FortiNAC under Logs -> Events & Alarms -> Management -> Event Thresholds. It creates an internal event when the license usage reaches 75% and 95%. This example demonstrates the flexibility of the scripts and the customizable information that can be sent to a syslog server.