
Administration Guide

Configuring automation stitches


Starting in FortiSwitch Manager 7.2.2, you can configure automation stitches.

To configure an automation stitch, you specify a trigger and the action that is performed when the trigger occurs and then associate the trigger and action in the automation stitch.

You can specify one of the following triggers:

  • An event was logged.

    NOTE: When you specify the log ID, the range of values is 1-65535. If you use the full 10-digit entry, the first four digits are truncated.

  • FortiSwitch Manager was rebooted.

  • The memory is low.

  • There is high CPU usage.

  • The FortiCare license is near its expiration date.

  • The configuration changed.

  • The scheduled time occurred.

You can use the following wildcard characters in the set value command for the automation trigger:

  • Use an asterisk to match any character string of any length, including an empty string. For example, use set value "*1567*" to match values of 81567 and 156789.

  • Use square brackets to match one of multiple characters. For example, use set value "[aA]dmin" to match values of admin and Admin.

You can also configure multiple fields for the automation trigger when event-type is event-log and logid is set. The action is only performed if all conditions are valid (using AND logic). For example, the following automation trigger requires both the log message to include VRRP and the interface to be svi777 before the action is performed.

config system automation-trigger
    edit "VRRPlogtrigger"
        set event-type event-log
        set logid 10200
        config fields
            edit 1
                set name "msg"
                set value "*VRRP*"
            next
            edit 2
                set name "interface"
                set value "svi777"
            next
        end
    next
end
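
The matching rules above (wildcards, AND logic across fields, and the 10-digit log ID note) can be checked offline against sample log lines before a stitch is enabled. The following Python is an added example, not Fortinet code: the log lines are constructed, the function names are hypothetical, and it assumes that a pattern must match the whole field value and that every character other than * and [ ] is literal.

```python
import re

LOG_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_log(line):
    """Split a key=value log line into a dict; quoted values may contain spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in LOG_KV.finditer(line)}

def short_logid(raw):
    """Apply the page's rule: a full 10-digit ID loses its first four digits."""
    digits = str(raw)
    if not digits.isdigit():
        raise ValueError("log ID must be numeric: %r" % (raw,))
    if len(digits) == 10:
        digits = digits[4:]
    value = int(digits)
    if not 1 <= value <= 65535:
        raise ValueError("log ID outside 1-65535: %r" % (raw,))
    return value

def wildcard_to_regex(pattern):
    """Translate only the two documented wildcards: * and [chars]."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        close = pattern.find("]", i + 1) if ch == "[" else -1
        if ch == "*":
            out.append(".*")
        elif ch == "[" and close > i + 1:
            # One of the listed characters; each member is taken literally.
            out.append("(?:" + "|".join(re.escape(c) for c in pattern[i + 1:close]) + ")")
            i = close
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def trigger_fires(trigger, line):
    """True only if the log ID matches and every configured field matches (AND)."""
    log = parse_log(line)
    try:
        if short_logid(log.get("logid", "")) != short_logid(trigger["logid"]):
            return False
    except ValueError:
        return False
    return all(name in log and wildcard_to_regex(pat).fullmatch(log[name])
               for name, pat in trigger["fields"])

# The VRRPlogtrigger definition from the page, expressed as data.
VRRP_TRIGGER = {"logid": 10200, "fields": [("msg", "*VRRP*"), ("interface", "svi777")]}

# Constructed log lines (not captured from a real device).
SAMPLE_LOGS = [
    'logid="0100010200" type="event" level="information" vd="root" interface="svi777" msg="VRRP state changed"',
    'logid="0100010200" type="event" level="information" vd="root" interface="svi778" msg="VRRP state changed"',
    'logid="0100010200" type="event" level="information" vd="root" interface="svi777" msg="link up"',
    'logid="0100032002" type="event" level="information" vd="root" interface="svi777" msg="VRRP state changed"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(trigger_fires(VRRP_TRIGGER, line), line)
```

Only the first constructed line satisfies both field conditions and the log ID, so a filter that is too narrow (or a log ID typed with the wrong digits) shows up here as a stitch that never fires.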

You can specify one of the following actions:

  • Send an email message.

  • Display an alert in the console (CLI only).

  • Send data to a uniform resource identifier (URI), such as an IP address or URL.

  • Run a CLI script.

  • Perform an immediate system operation on this FortiSwitch Manager unit.

To configure an automation stitch in the CLI:
  1. Create an automation trigger.

    config system automation-trigger
        edit <automation_trigger_name>
            set description <string>
            set trigger-type {event-based | scheduled}
            set event-type {event-log | reboot | low-memory | high-cpu | license-near-expiry | config-change}
            set license-type forticare-support
            set logid <1-65535>
            set trigger-frequency {hourly | daily | weekly | monthly | once}
            set trigger-hour <0-23>
            set trigger-minute <0-59>
            set trigger-day <1-31>
            set trigger-weekday <sunday | monday | tuesday | wednesday | thursday | friday | saturday>
            config fields
                edit <entry_ID>
                    set name <string>
                    set value <string>
                next
            end
        next
    end

  2. Create an automation action.

    config system automation-action
        edit <automation_action_name>
            set description <string>
            set action-type {email | alert | webhook | cli-script | system-actions}
            set accprofile <string>
            set email-from <string>
            set email-subject <string>
            set email-to <email_address>
            set execute-security-fabric {enable | disable}
            set http-body <request_body>
            set method {delete | get | patch | post | put}
            set message <string>
            set minimum-interval <0-2592000>
            set output-size <1-1024 megabytes>
            set port <1-65535>
            set protocol {http | https}
            set replacement-message {enable | disable}
            set replacemsg-group <string>
            set script <string>
            set system-action {reboot | shutdown | backup-config}
            set timeout <0-300 seconds>
            set uri <request_API_URI>
        next
    end

  3. Create the automation stitch.

    NOTE: The set required command is only available when the Sequential button has been selected in the GUI.

    config system automation-stitch
        edit <automation_stitch_name>
            set description <string>
            set status {enable | disable}
            set trigger <trigger_name>
            set destination <serial_number_of_destination_devices>
            config actions
                edit <entry_identifier>
                    set action <automation_action_name>
                    set delay <0-3600 seconds>
                    set required {enable | disable}
                next
            end
        next
    end

  4. Test the automation stitch.

    NOTE: If the trigger is the log identifier, you must add values for logid, level, and vd.

    diagnose automation test <automation-stitch-name> ["logid=<log_ID> type=event level=information vd=root"]

    For example:

    diagnose automation test interfacedown-stitch "logid=0100044547 type=event level=information vd=root"

To configure an automation stitch in the GUI:
  1. Create an automation trigger.

    1. Go to System > Automation.

    2. Click the Trigger tab.

    3. Click Create New.

    4. Select Configuration Change, Conserve Mode, High CPU, License Expiry, Reboot, FortiSwitchManagerOS Event Log, or Schedule.

    5. Fill out the fields for the trigger you selected.

      Trigger

      Fields

      Configuration Change

      • Name—Enter a name for the trigger.

      • Description—Enter a description of the trigger.

      Conserve Mode

      • Name—Enter a name for the trigger.

      • Description—Enter a description of the trigger.

      High CPU

      • Name—Enter a name for the trigger.

      • Description—Enter a description of the trigger.

      License Expiry

      • Name—Enter a name for the trigger.

      • Description—Enter a description of the trigger.

      • License—Select FortiCare Support.

        NOTE: The other license types are not supported.

      Reboot

      • Name—Enter a name for the trigger.

      • Description—Enter a description of the trigger.

      FortiSwitchManagerOS Event Log

      • Name—Enter a name for the trigger.

      • Description—Enter a description of the trigger.

      • Event—Click +, select one or more events, and then click Close.

      • Field filter(s)—Click + and enter the field name and value. If you want to add another filter, click +. NOTE: All configured filters must match before the stitch is triggered.

      Schedule

      • Name—Enter a name for the trigger.

      • Description—Enter a description of the trigger.

      • Frequency—Select how often the stitch is triggered: Hourly, Daily, Weekly, Monthly, or Once. Enter the values in the fields that correspond to the frequency you selected.

    6. Click OK.

  2. Create an automation action.

    1. Go to System > Automation.

    2. Click the Action tab.

    3. Click Create New.

    4. Select Email, CLI Script, Webhook, or System Action.

    5. Fill out the fields for the action you selected.

      Action

      Fields

      Email

      • Name—Enter a name for the action.

      • Minimum interval—Select the units for the time interval: second(s), minute(s), or hour(s). Enter the number for the time interval. NOTE: The action will only be allowed to trigger once within this time interval.

      • Description—Enter a description of the action.

      • From—Enter an email address.

      • To—Enter an email address. Click + if you want the email sent to more than one address.

      • Subject—Enter the subject of the email.

      • Body—Enter the text for the email or use action parameters, such as the log message or source IP address. Click % for more information about the available action parameters.

      • Replacement message—If you want to use a replacement message, enable Replacement message and then click Edit. You can use text, HTML, and action parameters in the replacement message. When you are done, click Save.

      CLI Script

      • Name—Enter a name for the action.

      • Minimum interval—Select the units for the time interval: second(s), minute(s), or hour(s). Enter the number for the time interval. NOTE: The action will only be allowed to trigger once within this time interval.

      • Description—Enter a description of the action.

      • CLI Script—You can enter the CLI commands in the Script field, click Upload to select a file with your CLI script, or click Record in CLI console to enter the CLI commands in the console.

      • Administrator profile—You can select one of the available administrator profiles to use when executing the CLI script or click Create to configure a new administrator profile. The administrator profile selected determines which CLI commands can be executed.

      • Execute on Security Fabric—Enable if you want to execute the CLI script on all FortiSwitch Managers in the Security Fabric. Disable if you want to execute the CLI script on just the current FortiSwitch Manager.

      Webhook

      • Name—Enter a name for the action.

      • Minimum interval—Select the units for the time interval: second(s), minute(s), or hour(s). Enter the number for the time interval. NOTE: The action will only be allowed to trigger once within this time interval.

      • Description—Enter a description of the action.

      • Protocol—Select HTTP or HTTPS for the protocol.

      • URL—Enter the URL for the webhook to use.

      • Custom port—If you want to specify the port for the webhook to use, enable Custom port and enter the port number.

      • Method—Select POST, PUT, GET, PATCH, or DELETE.

      • HTTP body—Enter the HTTP request.

      • HTTP header—Enter the header name and value. Click + if you want to add another header.

      • TLS certificate—If you selected HTTPS for the protocol, you can enable TLS certificate and select which TLS certificate to use for security. If you do not select a TLS certificate, the HTTPS request uses the BIOS certificate.

      • Verify remote host—If you selected HTTPS for the protocol, you can verify that the remote host certificate matches the host URL.

      System Action

      • Name—Enter a name for the action.

      • Minimum interval—Select the units for the time interval: second(s), minute(s), or hour(s). Enter the number for the time interval. NOTE: The action will only be allowed to trigger once within this time interval.

      • Description—Enter a description of the action.

      • Action—Select the system action: Reboot, Shutdown, or Backup configuration.

    6. Click OK.

  3. Create the automation stitch.

    1. Go to System > Automation.

    2. Click Create New under the Stitch tab.

    3. Select Sequential if you want the actions to be executed one after another unless an action fails. Select Parallel if you want all actions to be executed immediately when the stitch is triggered. NOTE: Action parameters do not work with parallel execution.

    4. In the Description field, enter a description of the stitch.

    5. Click +, select a trigger, and then click Apply.

    6. Click +, select an action, and then click Apply.

    7. If you want to add more actions, click +.

    8. Click OK.

  4. Test the automation stitch.

    NOTE: Only some of the automation stitches can be tested.

    1. Go to System > Automation.

    2. Right-click on the automation stitch.

    3. Click Test Automation Stitch.

Examples

The following example shows how to create an automation stitch that will display an alert in the console every hour.

config system automation-trigger
    edit testtrigger
        set trigger-type scheduled
        set trigger-frequency hourly
        set trigger-minute 30
    next
end

config system automation-action
    edit testaction
        set action-type alert
        set minimum-interval 1200
    next
end

config system automation-stitch
    edit teststitch
        set status enable
        set trigger testtrigger
        config actions
            edit 1
                set required enable
                set delay 0
                set action testaction
            next
        end
    next
end

In the following example, the specified log identifier (32002) causes the FortiSwitch unit to send the log message to the server.

config system automation-action
    edit "Send log to server"
        set action-type webhook
        set uri "172.16.200.44"
        set http-body "%%log%%"
        set port 80
    next
end

config system automation-trigger
    edit "badLogin"
        set event-type event-log
        set logid 32002
    next
end

config system automation-stitch
    edit "webhookstitch"
        set trigger "badLogin"
        config actions
            edit 2
                set action "Send log to server"
            next
        end
    next
end

In the following example, the administrator receives an email whenever FortiSwitch Manager is restarted.

config system automation-trigger
    edit "Reboot"
        set event-type reboot
    next
end

config system automation-action
    edit "emailtest"
        set action-type email
        set email-to "admin@fortinet.com"
    next
end

config system automation-stitch
    edit "rebootdashboard"
        set trigger "Reboot"
        config actions
            edit 1
                set action "emailtest"
            next
        end
    next
end
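
Because automation actions can post log data to a remote host, run CLI scripts, and reboot or shut down the unit, a configuration backup is worth reviewing for action settings that deserve a second look. The following Python check is an added example, not Fortinet tooling: the finding codes and function names are hypothetical, and the sample configuration is constructed (its first action is the webhook example above; the other three are made up).

```python
import shlex

# Constructed sample configuration for this illustration.
SAMPLE_CONFIG = """\
config system automation-action
    edit "Send log to server"
        set action-type webhook
        set uri "172.16.200.44"
        set http-body "%%log%%"
        set port 80
    next
    edit "hardened-webhook"
        set action-type webhook
        set protocol https
        set uri "logs.example.net"
        set http-body "%%log%%"
        set port 443
    next
    edit "fabric-script"
        set action-type cli-script
        set script "<cli_commands>"
        set execute-security-fabric enable
    next
    edit "auto-reboot"
        set action-type system-actions
        set system-action reboot
    next
end
"""

ADVICE = {
    "WEBHOOK_NOT_HTTPS": "protocol is not set to https; check the body is not sent in cleartext",
    "CLI_NO_ACCPROFILE": "no accprofile; pin the script to a least-privilege administrator profile",
    "CLI_FABRIC_WIDE": "execute-security-fabric enabled; script runs across the Security Fabric",
    "DISRUPTIVE_SYSTEM_ACTION": "reboot/shutdown action; review its trigger and minimum-interval",
}

def parse_actions(text):
    """Return {action_name: {setting: value}} from automation-action tables."""
    actions, in_table, depth, current = {}, False, 0, None
    for raw in text.splitlines():
        words = shlex.split(raw)
        if not words:
            continue
        head = words[0]
        if head == "config":
            if depth == 0:
                in_table = words[1:] == ["system", "automation-action"]
            depth += 1
        elif head == "end":
            depth -= 1
            if depth == 0:
                in_table = False
        elif in_table and depth == 1:  # ignore nested sub-tables
            if head == "edit" and len(words) > 1:
                current = actions.setdefault(words[1], {})
            elif head == "set" and current is not None and len(words) >= 3:
                current[words[1]] = " ".join(words[2:])
            elif head == "next":
                current = None
    return actions

def audit(text):
    """Return a list of (action_name, finding_code) tuples in config order."""
    findings = []
    for name, cfg in parse_actions(text).items():
        kind = cfg.get("action-type")
        if kind == "webhook" and cfg.get("protocol") != "https":
            findings.append((name, "WEBHOOK_NOT_HTTPS"))
        if kind == "cli-script":
            if "accprofile" not in cfg:
                findings.append((name, "CLI_NO_ACCPROFILE"))
            if cfg.get("execute-security-fabric") == "enable":
                findings.append((name, "CLI_FABRIC_WIDE"))
        if kind == "system-actions" and cfg.get("system-action") in ("reboot", "shutdown"):
            findings.append((name, "DISRUPTIVE_SYSTEM_ACTION"))
    return findings

if __name__ == "__main__":
    for name, code in audit(SAMPLE_CONFIG):
        print("%s: %s (%s)" % (name, code, ADVICE[code]))
```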
