If you can use one of the probing methods supported by FortiGate's link-monitor (e.g. ping) to monitor the desired device, then you can certainly do it!
As some of the options are CLI-only, I will just give you the CLI snippets below.
The expected flow of events is:
- Link monitor fails
- System Event Log is generated for this change of state
- Automation stitch detects the log entry
- Email sent
# link monitor
config system link-monitor
edit "monitor-device-1"
set srcintf "<interface that has connectivity to target device>"
set server "<target device ip>"
set interval 1000 # probing interval in ms
set failtime 3 # how many failed probes needed to switch to 'dead'
set recoverytime 3 # how many successful probes needed to switch to 'alive'
set update-policy-route disable # we want no changes to routing
set service-detection enable # ditto, for monitoring only
next
end
# automation trigger
config system automation-trigger
edit "link-monitor-down"
set description "Trigger on \'Link monitor status warning\' log message if matching the configured link-monitor name"
set event-type event-log
set logid 22932
config fields
edit 1
set name "name"
set value "monitor-device-1" # name of the link-monitor object above
next
end
next
end
# automation action
config system automation-action
edit "email-on-monitor-fail"
set action-type email
set email-to "<recipient email>"
set email-from "<sender-email>"
set email-subject "Device Detected Down"
set minimum-interval 120
set message "FIY: %%log.name%% is down." #using the link-monitor name as a variable here, optional.
next
end
#automation stitch
config system automation-stitch
edit "Email on link-monitor failure"
set trigger "link-monitor-down"
config actions
edit 1
set action "email-on-monitor-fail"
set required enable
next
end
next
end
The link monitor state can be checked with diagnose sys link-monitor status <monitor-name>. Once it's all set up (including making sure email delivery works, not covered here!), you should get an email as soon as the monitor fails.
