Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akumarr
Staff
Staff

Created on ‎05-13-2020 06:07 AM Edited on ‎01-06-2025 06:55 AM By Moderator

Article Id 195103

Technical Tip: Execute a CLI script based on high CPU

Description

 

This article describes how to create the following automation stitches. Automation stitches can be created to run a CLI script and send an email message when the CPU exceeds specified thresholds.

 

Scope

 

FortiGate.

Solution


To define CPU and memory usage thresholds:

 

config system global
    set cpu-use-threshold <percent>
end

 

In the above, 'cpu-use-threshold' is the threshold at which CPU usage is reported, in the percentage of total possible CPU utilization (default = 90).

Create an automation action to run a CLI script:

 

For FortiOS v6.4 or earlier:

 

config system automation-action
    edit "high_cpu_debug"
        set action-type cli-script
        set required enable
        set script "diagnose debug cli 8
        get system performance status | grep 'CPU s\|^Average'
        diagnose sys profile report
        diagnose sys mpstat 1 5
        diagnose sys top 1 5 5
    next
end

 

For FortiOS v7.0 and above:

 

config system automation-action
    edit "high_cpu_debug"
        set action-type cli-script
        set script "diagnose debug cli 8
        get system performance status | grep 'CPU s\|^Average'
        diagnose sys profile report
        diagnose sys mpstat 1 5
        diagnose sys top 1 5 5
    next
end

 

Create an automation action to send an email:

 

For FortiOS v6.4 or earlier:

 

config system automation-action
    edit "auto_high_cpu_email"
        set action-type email
        set email-to "person@fortinet.com"
        set email-subject "CSF stitch alert: high_cpu"
        set email-body "%%results%%"
    next
end

 

For FortiOS v7.0 and above:

 

config system automation-action
    edit "auto_high_cpu_email"
        set action-type email
        set email-to "person@fortinet.com"
        set email-subject "CSF stitch alert: high_cpu"
        set message "%%results%%"
    next
end

 

Create an automation trigger:

 

config system automation-trigger
    edit "auto_high_cpu"
        set event-type high-cpu
    next
end

 

Create an automation stitch:

 

For v7.0 and earlier:

 

config system automation-stitch
    edit "auto_high_cpu"
        set trigger "auto_high_cpu"
        set action "high_cpu_debug" "auto_high_cpu_email"
    next
end

 

For v7.2 and above:

 

config system automation-stitch
    edit "auto_high_cpu"
        set trigger "auto_high_cpu"
          config actions
              edit 1
                  set action "high_cpu_debug"
                  set required enable
              next
              edit 2
                  set action "auto_high_cpu_email"
                  set required enable
              next
          end
     next
end

 

Once the CPU reaches the threshold, an email will be received.

Related article:

Technical Tip: Use FortiGate automation stitches for alert emails

8152
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.