Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JJGough
New Contributor

Possible To Get EXACT Configuration Change - Automation Stitch - Sent to Slack

Hello!

I'm looking to get these messages converted over to Slack notifications, but I haven't been able to figure out how to do so.  I've found this thread, but it is looking specifically for emails: https://forum.fortinet.com/tm.aspx?m=187812

I have configured the slack notification for configuration change in the automation, but it only advises when an admin made changes during their session, not what they changed.

 

This is what I'm looking for:

Message meets Alert condition date=2021-10-29 time=11:37:28 devname=COMPANY devid=FGT80ETK1786587 eventtime=786587657865 tz="-0400" logid="0100577800440547" type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="NAME" ui="GUI(199.199.99.9)" action="Edit" cfgtid=864512 cfgpath="user.local" cfgobj="UNAME" cfgattr="type[ldap->ldap]two-factor[disable->fortitoken]fortitoken[->FTKMOB345678]email-to[->uname@company.com]" msg="Edit user.local uname"

 

Currently running Firmware: V 7.0.1 build 0157 GA

 

Let me know your thoughts,

Thank you!

4 REPLIES 4
lobstercreed
Valued Contributor

You can send emails to a Slack channel though so that *would* work I think.  Do you not like the formatting when you do it that way?  I can't say I'm familiar with the actual Slack automation stitch...it's just a way I started getting alerts from a variety of things a while back.

JJGough

Thanks Lobstercreed! I'm new to slack so this was nice.

I don't love that I need to expand the message to see what it is, so I'd love to be able to use the webhook instead :D But this is a start!

TecnetRuss

Hey JJ,

 

I posted the solution in the thread you referenced.  It looks like you're only using the Automation Stitch notifications which don't send the details of what changed, unlike the old "Alert Email Settings" option.  Since the "Alert Email Settings" isn't present in the web interface anymore in 6.4 and 7.0 you have to set this using the command line.

 

If you open your command line and type ...

config alertemail setting

show

 

... you should see something like this:

config alertemail setting   set username "uname@company.com"   set mailto1 "notifications@company.com"   set configuration-changes-logs enable end

 

If you don't see this, use these 5 commands to enable change notifications.  This should enable the e-mails you're looking for, and hopefully you can send those to Slack to get processed (haven't done this myself).

 

If you have done this already and it's not working, post back and I'll see if I can help.

 

Russ

NSE7

JJGough

Hi TecnetRuss,

Thank you for your response.  There's no way to switch those email alerts to Slack alerts (without sending it to a slack email)  I'll take what I can get, but would rather have wording in the message rather than an 'attachment' I would need to open.  I do have those emails generating already, but have been asked to convert to Slack messages 

Thank you!

Labels
Top Kudoed Authors