Fortinet white logo
Fortinet white logo

Administration Guide

CLI script action

CLI script action

CLI scripts can run when an automation stitch is triggered. The scripts can be entered manually, uploaded as a file, or recorded in the CLI console. The output of the script can be sent as an email action.

The maximum length of the CLI script action output is 16 thousand characters. The CLI script can be configured in the GUI and CLI; however, the output size and timeout settings can only be configured in the CLI.

config system automation-action
    edit <name>
        set action-type cli-script
        set output-size <integer>
        set timeout <integer>
    next
end

output-size <integer>

Set the size to limit the script output, in megabytes (1 - 1024, default = 10).

timeout <integer>

Set the maximum running time for this script, in seconds (0 - 300, 0 = no timeout).

Example

In this example, the script sets the idle timeout value to 479 minutes, and sends an email with the script output.

To configure a stitch with a CLI script action in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name (auto-cli-1).
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Click Create and select Security Rating Summary.
    3. Enter the following:

      Name

      auto-cli-1

      Report

      Security Posture

    4. Click OK.
    5. Select the trigger in the list and click Apply.
  4. Configure the CLI Script action:
    1. Click Add Action.
    2. Click Create and select CLI Script.
    3. Enter the following:

      Name

      admintimeout

      Script

      config system global
          set admintimeout 479
      end

      Alternatively, click Upload to upload a file, or click >_Record in CLI console and enter the CLI commands.

      Administrator profile

      Select a profile

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Configure the Email notification action:
    1. Click Add Action.
    2. Click Create and select Email.
    3. Enter the following:

      Name

      auto-cli-1_email

      To

      Enter an email address

      Subject

      CSF stitch alert

      Body

      %%results%%

    4. Click OK.
    5. Select the action in the list and click Apply.
  6. Click OK.
To configure a stitch with a CLI script action in the CLI:
  1. Create the automation trigger:
    config system automation-trigger
        edit "auto-cli-1"
            set event-type security-rating-summary
        next
    end
  2. Create the automation actions:
    config system automation-action
        edit "admintimeout"
            set action-type cli-script
            set script "config system global
                set admintimeout 479
                end"
            set output-size 10
            set timeout 0	
            set accprofile "super_admin"
        next
        edit "auto-cli-1_email"
            set action-type email
            set email-to "admin@fortinet.com"
            set email-subject "CSF stitch alert"
            set message "%%results%%"
        next
    end
  3. Create the automation stitch:
    config system automation-stitch
        edit "auto-cli-1"
            set trigger "auto-cli-1"
            config actions
                edit 1
                    set action "admintimeout"
                    set required enable
                next
                edit 2
                    set action "auto-cli-1_email"
                    set required enable
                next
            end
        next
    end
Sample email

The email sent by the action will look similar to the following:

CLI script action

CLI script action

CLI scripts can run when an automation stitch is triggered. The scripts can be entered manually, uploaded as a file, or recorded in the CLI console. The output of the script can be sent as an email action.

The maximum length of the CLI script action output is 16 thousand characters. The CLI script can be configured in the GUI and CLI; however, the output size and timeout settings can only be configured in the CLI.

config system automation-action
    edit <name>
        set action-type cli-script
        set output-size <integer>
        set timeout <integer>
    next
end

output-size <integer>

Set the size to limit the script output, in megabytes (1 - 1024, default = 10).

timeout <integer>

Set the maximum running time for this script, in seconds (0 - 300, 0 = no timeout).

Example

In this example, the script sets the idle timeout value to 479 minutes, and sends an email with the script output.

To configure a stitch with a CLI script action in the GUI:
  1. Go to Security Fabric > Automation and click Create New.
  2. Enter the stitch name (auto-cli-1).
  3. Configure the trigger:
    1. Click Add Trigger.
    2. Click Create and select Security Rating Summary.
    3. Enter the following:

      Name

      auto-cli-1

      Report

      Security Posture

    4. Click OK.
    5. Select the trigger in the list and click Apply.
  4. Configure the CLI Script action:
    1. Click Add Action.
    2. Click Create and select CLI Script.
    3. Enter the following:

      Name

      admintimeout

      Script

      config system global
          set admintimeout 479
      end

      Alternatively, click Upload to upload a file, or click >_Record in CLI console and enter the CLI commands.

      Administrator profile

      Select a profile

    4. Click OK.
    5. Select the action in the list and click Apply.
  5. Configure the Email notification action:
    1. Click Add Action.
    2. Click Create and select Email.
    3. Enter the following:

      Name

      auto-cli-1_email

      To

      Enter an email address

      Subject

      CSF stitch alert

      Body

      %%results%%

    4. Click OK.
    5. Select the action in the list and click Apply.
  6. Click OK.
To configure a stitch with a CLI script action in the CLI:
  1. Create the automation trigger:
    config system automation-trigger
        edit "auto-cli-1"
            set event-type security-rating-summary
        next
    end
  2. Create the automation actions:
    config system automation-action
        edit "admintimeout"
            set action-type cli-script
            set script "config system global
                set admintimeout 479
                end"
            set output-size 10
            set timeout 0	
            set accprofile "super_admin"
        next
        edit "auto-cli-1_email"
            set action-type email
            set email-to "admin@fortinet.com"
            set email-subject "CSF stitch alert"
            set message "%%results%%"
        next
    end
  3. Create the automation stitch:
    config system automation-stitch
        edit "auto-cli-1"
            set trigger "auto-cli-1"
            config actions
                edit 1
                    set action "admintimeout"
                    set required enable
                next
                edit 2
                    set action "auto-cli-1_email"
                    set required enable
                next
            end
        next
    end
Sample email

The email sent by the action will look similar to the following: