Help
FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
laltuzar
Staff
Staff

Created on ‎01-31-2024 10:20 PM

Article Id 297031

Technical Tip: Configure Stitch to alert when a port from a FortiSwitch came up/down

Description

 

This article describes how to create an automation stitch on FortiGate to automatically send an email when a certain port comes up or down.

It is possible to differentiate between the serial number of a FortiSwitch, so the stitch can be triggered when a specific port from a specific FortiSwitch flapped. This is especially useful for some users who want to actively monitor their network. 

 

Scope

 

FortiSwitch, FortiGate.

 

Solution

 

Every event logs from System events have a specific Log ID. In this case, the log ID for 32695 corresponds to an event on the switch-controller and corresponds to a port change.

 

  1. Log in to FortiGate and go to Log & Report -> System Events -> FortiSwitch Events. Filter by Log Id 32695. Notice that only the logs regarding port status changes are displayed.
  2. Go to Security Fabric -> Automation. Create an Action, a Trigger and a Stitch as follows:
  3. Configuring the Action:

 

config system automation-action
    edit "email-interface-change"
        set action-type email
        set email-to "your@email.com"
        set email-subject "Change interface status notification email"
    next
end

 

Make sure to change the email-to field for the actual email of the receiver.

 

  1. Configure the Trigger:

 

config system automation-trigger
    edit "test_interface_down"
        set event-type event-log
        set logid 32695 <----- Notice the logid 32695.
            config fields
                edit 1
                    set name "msg"
                    set value "primary switch port port1 has gone down" <----- Notice the exact message value. Change the port number as needed.
                next
                    edit 2
                        set name "sn"
                        set value "S124FPTFXXXXXXXX" <----- Notice the Serial number of the device to monitor.
                    next
                end
            next
        end

 

  1. Configure the Stitch:

 

config system automation-stitch
    edit "Test-interface-down"
        set trigger "test_interface_down" <----- Notice the name of the trigger configured in step 4.
            config actions
                edit 1
                    set action "email-interface-change" <----- Notice the name of the action configured in step 3.
                    set required enable
                next
            end
        next
    end

 

 

 

The configurations can also be done through GUI. Make sure to configure the following in this order:

 

  1. Action.
  2. Trigger.
  3. Stitch.

 

Action configurationAction configuration

 

Trigger configurationTrigger configuration

 

Stitch configurationStitch configuration

 

Result:

If everything is correctly configured, an email from DoNotReply@notification.fortinet.net should be received. This email can be also modified.

For further details, check the automation stitch documentation: Automation stitches

 

ResultResult

908
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.