We have an issue with a webhook whose HTTP body has %%log%% added to the Telegram parameter "text" field: it shows an incomplete raw log. I tried to compare email and webhook; email is fine but the webhook is incomplete.
For example:
1. In the webhook using Telegram I receive this: "Administrator msinfokom logged in successfully from ssh(10.xxxxxxx) --- FGTxxxx xxxx Admin Success Login --- date=2022-05-04 time=09:42:28 logid=". After logid there is nothing more.
2. In email I receive "FGT[FG1xxxxxxxxxx] Automation Stitch:Admin Success Login Automation is triggered. date=2022-05-04 time=09:42:28 logid="0100032001" type="event" subtype="system" level="information" vd="VDOM_xxxx" eventtime=1651632148xxxxxxxx tz="+0700" logdesc="Admin login successful" sn="16516xxxxx" user="xxxxxx" ui="ssh(10.xx.xxxxxx)" method="ssh" srcip=10.xxxxxx dstip=10.xxxxx action="login" status="success" reason="none" profile="super_admin" msg="Administrator xxxxx logged in successfully from ssh(10.xxxxxx)"". The log is complete after logid.
Is something wrong with my webhook configuration? Has anyone had the same issue?
I haven't tested webhooks with Telegram, but I think the issue is with how JSON is parsed and the log message.
JSON consists of value pairs with "<field>":"<value>" (like "chat_id"="5").
The log message is 'date=2022-05-04 time=09:42:28 logid="0100032001" [...]' <- there are quotation marks starting with logid.
I think the Telegram API treats that 'logid="' as end of the value for 'text', because of the quotation mark. The quotation marks would probably have to be escaped:
date=2022-05-04 time=09:42:28 logid=\"0100032001\" [...] from ssh(10.14.92.58)\" and then a final " to end the text field.
I do not believe FortiGate adds escape characters to the quotation marks when sending the message to Telegram API, so Telegram API is confused by the many quotation marks in the log message.
I can't say if this would require a feature request to fix or should be considered a bug; that needs to be decided by developers.
I would suggest opening a ticket with Technical Support and reporting the issue (as well as my theory) there to get some assistance in digging into the communication and figuring out if/how it can be fixed.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
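The theory in the answer above can be reproduced offline. This is an added example, not part of the thread and not Fortinet or Telegram code; the body template, the `chat_id` value and the shortened log line are constructed assumptions. It shows that substituting the raw log into a JSON body yields invalid JSON whose "text" value ends at `logid=`, while the escaped form round-trips intact.

```python
import json

# Constructed sample: shortened, redacted log line in the format quoted in the thread.
LOG = ('date=2022-05-04 time=09:42:28 logid="0100032001" type="event" '
       'logdesc="Admin login successful" msg="Administrator xxxxx logged in"')

# Hypothetical webhook HTTP body template; the chat_id value is a placeholder.
TEMPLATE = '{"chat_id": "5", "text": "%%log%%"}'


def naive_body(log: str) -> str:
    """Substitute the raw log into the template without any escaping."""
    return TEMPLATE.replace("%%log%%", log)


def escaped_body(log: str) -> str:
    """Substitute the log as a JSON-escaped string fragment."""
    # json.dumps returns a quoted JSON string; drop the outer quotes
    # because the template already supplies them.
    return TEMPLATE.replace("%%log%%", json.dumps(log)[1:-1])


def is_valid_json(body: str) -> bool:
    """True if the body parses as JSON."""
    try:
        json.loads(body)
        return True
    except json.JSONDecodeError:
        return False


def text_up_to_first_quote(body: str) -> str:
    """The "text" value as seen by a reader that stops at the first unescaped quote."""
    start = body.index('"text": "') + len('"text": "')
    i = start
    while body[i] != '"':
        i += 2 if body[i] == "\\" else 1  # step over backslash-escaped characters
    return body[start:i]


if __name__ == "__main__":
    print("naive body valid JSON:  ", is_valid_json(naive_body(LOG)))
    print("naive text field ends at:", text_up_to_first_quote(naive_body(LOG)))
    print("escaped body round-trips:", json.loads(escaped_body(LOG))["text"] == LOG)
```

Capturing the actual request the FortiGate sends and running it through a JSON validator gives the same kind of evidence to attach to a support ticket.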