Fortigate custom SLA notification

Created by Boopathi K, Modified on Fri, 10 Jan at 10:40 AM by Boopathi K

This article describes how to filter automation stitch triggers for FortiGate events based on log parameters.

Solution

As some of the events that trigger an automation stitch can cause excessive or unwanted messages/actions, the CLI filtering option can help mitigate this issue.

Create an automation stitch that will trigger an email to be send, based on a FortiOS event:

- Go to Security Fabric -> Automation and select 'Create New'.

- Enter Name, choose Triggering event – in this case FortiOS Event Log.

- Choose action Email and configure the email details – Recipients (TO), subject and body.

In this case, 'Virtual WAN Link status' log event has been chosen as a triggering even.

Event ID is mentioned by hovering the mouse over the selected event – in this case 22923.

As event parameters can be easily seen in the generated log, go to Log&Report -> Events and filter logs based on Log ID (in our case 22923).
This type of event can be triggered by multiple factors, as seen in the Message column:

Please follow the steps below to update the filters:

Go to the field filters and add a filter column with "healthcheck" equal to the required "Performance SLA Name."
Add another column with "msg" equal to "Member status changed. Member out-of-sla."

Note: Please ensure that the value "Member status changed. Member out-of-sla." is retained in its entirety, including the dot at the end.

Reference screenshot: