Description

This article describes how to create an automation stitch on FortiGate to automatically send an email when a certain port comes up or down.

It is possible to differentiate between the serial number of a FortiSwitch, so the stitch can be triggered when a specific port from a specific FortiSwitch flapped. This is especially useful for some users who want to actively monitor their network. 

Scope

FortiSwitch, FortiGate.

Solution

Every event logs from System events have a specific Log ID. In this case, the log ID for 32695 corresponds to an event on the switch-controller and corresponds to a port change.

1. Log in to FortiGate and go to Log & Report -> System Events -> FortiSwitch Events. Filter by Log Id 32695. Notice that only the logs regarding port status changes are displayed.
2. Go to Security Fabric -> Automation. Create an Action, a Trigger and a Stitch as follows:
3. Configuring the Action:

config system automation-action
    edit "email-interface-change"
        set action-type email
        set email-to "your@email.com"
        set email-subject "Change interface status notification email"
    next
end

Make sure to change the email-to field for the actual email of the receiver.

4. Configure the Trigger:

config system automation-trigger
    edit "test_interface_down"
        set event-type event-log
        set logid 32695 <----- Notice the logid 32695.
            config fields
                edit 1
                    set name "msg"
                    set value "primary switch port port1 has gone down" <----- Notice the exact message value. Change the port number as needed.
                next
                    edit 2
                        set name "sn"
                        set value "S124FPTFXXXXXXXX" <----- Notice the Serial number of the device to monitor.
                    next
                end
            next
        end

5. Configure the Stitch:

config system automation-stitch
    edit "Test-interface-down"
        set trigger "test_interface_down" <----- Notice the name of the trigger configured in step 4.
            config actions
                edit 1
                    set action "email-interface-change" <----- Notice the name of the action configured in step 3.
                    set required enable
                next
            end
        next
    end

The configurations can also be done through GUI. Make sure to configure the following in this order:

1. Action.
2. Trigger.
3. Stitch.

Action configuration

Trigger configuration

Stitch configuration

Result:

If everything is correctly configured, an email from DoNotReply@notification.fortinet.net should be received. This email can be also modified.

For further details, check the automation stitch documentation: Automation stitches

Result