Fortinet white logo
Fortinet white logo

Administration Guide

CLI script action

CLI script action

CLI scripts can be run when an automation stitch is triggered. The scripts can be manually entered, uploaded as a file, or recorded in the CLI console. The output of the script can be sent as an email action.

Note

The maximum size of the CLI script action output is 16K characters.

In this example, the script sets the idle timeout value to 479 minutes, and sends an email with the script output.

To configure a CLI script automation stitch in the GUI:
  1. Go to Security Fabric > Automation.
  2. Click Create New.
  3. Enter a name for the stitch, and select the FortiGate devices that it will be applied to.
  4. Select a trigger, such as Security Rating Summary.
  5. Select CLI Script and Email actions.
  6. Configure the CLI script:

    • To manually enter the script, type it into the Script field.

    • To upload a script file, click Upload and locate the file on your management computer.
    • To record the script in the CLI console, click >_Record in CLI console, then enter the CLI commands.

  7. Configure the email action.
  8. Click OK.
To configure a CLI script automation stitch in the CLI:
  1. Create an automation action:
    config system automation-action
        edit "set admintimeout479"
            set action-type cli-script
            set minimum-interval 0
            set delay 0
            set required enable
            set script "config system global
                set admintimeout 479
                end"
        next
        edit "auto-cli-1_email"
            set action-type email
            set email-to "jnkssll@fortinet.com"
            set email-subject "CSF stitch alert"
            set message "%%results%%"
            set minimum-interval 0
        next
    end
    
  2. Create an automation trigger:
    config system automation-trigger
        edit "auto-cli-1"
            set trigger-type event-based
            set event-type security-rating-summary
        next
    end
  3. Create the automation stitch:
    config system automation-stitch
        edit "auto-cli-1"
            set status enable
            set trigger "auto-cli-1"
            set action "set admintimeout479" "auto-cli-1_email"
        next
    end

Email sample

The email sent by the action will look similar to the following:

CLI script action

CLI script action

CLI scripts can be run when an automation stitch is triggered. The scripts can be manually entered, uploaded as a file, or recorded in the CLI console. The output of the script can be sent as an email action.

Note

The maximum size of the CLI script action output is 16K characters.

In this example, the script sets the idle timeout value to 479 minutes, and sends an email with the script output.

To configure a CLI script automation stitch in the GUI:
  1. Go to Security Fabric > Automation.
  2. Click Create New.
  3. Enter a name for the stitch, and select the FortiGate devices that it will be applied to.
  4. Select a trigger, such as Security Rating Summary.
  5. Select CLI Script and Email actions.
  6. Configure the CLI script:

    • To manually enter the script, type it into the Script field.

    • To upload a script file, click Upload and locate the file on your management computer.
    • To record the script in the CLI console, click >_Record in CLI console, then enter the CLI commands.

  7. Configure the email action.
  8. Click OK.
To configure a CLI script automation stitch in the CLI:
  1. Create an automation action:
    config system automation-action
        edit "set admintimeout479"
            set action-type cli-script
            set minimum-interval 0
            set delay 0
            set required enable
            set script "config system global
                set admintimeout 479
                end"
        next
        edit "auto-cli-1_email"
            set action-type email
            set email-to "jnkssll@fortinet.com"
            set email-subject "CSF stitch alert"
            set message "%%results%%"
            set minimum-interval 0
        next
    end
    
  2. Create an automation trigger:
    config system automation-trigger
        edit "auto-cli-1"
            set trigger-type event-based
            set event-type security-rating-summary
        next
    end
  3. Create the automation stitch:
    config system automation-stitch
        edit "auto-cli-1"
            set status enable
            set trigger "auto-cli-1"
            set action "set admintimeout479" "auto-cli-1_email"
        next
    end

Email sample

The email sent by the action will look similar to the following: