CLI script action
CLI scripts can run when an automation stitch is triggered. The scripts can be entered manually, uploaded as a file, or recorded in the CLI console. The output of the script can be sent as an email action.
The maximum length of the CLI script action output is 16 thousand characters. The CLI script can be configured in the GUI and CLI; however, the output size and timeout settings can only be configured in the CLI.
config system automation-action edit <name> set action-type cli-script set output-size <integer> set timeout <integer> next end
output-size <integer> |
Set the size to limit the script output, in megabytes (1 - 1024, default = 10). |
timeout <integer> |
Set the maximum running time for this script, in seconds (0 - 300, 0 = no timeout). |
Example
In this example, the script sets the idle timeout value to 479 minutes, and sends an email with the script output.
To configure a stitch with a CLI script action in the GUI:
- Go to Security Fabric > Automation and click Create New.
- Enter the stitch name (auto-cli-1).
- Configure the trigger:
- Click Add Trigger.
- Click Create and select Security Rating Summary.
- Enter the following:
Name
auto-cli-1
Report
Security Posture
- Click OK.
- Select the trigger in the list and click Apply.
- Configure the CLI Script action:
- Click Add Action.
- Click Create and select CLI Script.
- Enter the following:
Name
admintimeout
Script
config system global set admintimeout 479 end
Alternatively, click Upload to upload a file, or click >_Record in CLI console and enter the CLI commands.
Administrator profile
Select a profile
- Click OK.
- Select the action in the list and click Apply.
- Configure the Email notification action:
- Click Add Action.
- Click Create and select Email.
- Enter the following:
Name
auto-cli-1_email
To
Enter an email address
Subject
CSF stitch alert
Body
%%results%%
- Click OK.
- Select the action in the list and click Apply.
- Click OK.
To configure a stitch with a CLI script action in the CLI:
- Create the automation trigger:
config system automation-trigger edit "auto-cli-1" set event-type security-rating-summary next end
- Create the automation actions:
config system automation-action edit "admintimeout" set action-type cli-script set script "config system global set admintimeout 479 end" set output-size 10 set timeout 0 set accprofile "super_admin" next edit "auto-cli-1_email" set action-type email set email-to "admin@fortinet.com" set email-subject "CSF stitch alert" set message "%%results%%" next end
- Create the automation stitch:
config system automation-stitch edit "auto-cli-1" set trigger "auto-cli-1" config actions edit 1 set action "admintimeout" set required enable next edit 2 set action "auto-cli-1_email" set required enable next end next end
Sample email
The email sent by the action will look similar to the following: