Configure Admin login-logout Automation Stitch with an email notification in FortiGate
Thanks to: https://community.fortinet.com/
Description
This article describes how to configure an admin login/logout Automation Stitch with an email notification action.
The main use case is to be notified by email whenever an admin logs in to or out of the firewall.
Scope
FortiGate.
Solution
A network admin might want to be notified when someone logs in to or out of the firewall.
To achieve this, follow the steps below:
In the GUI, go to System -> Email Service.
- Check and configure the email service. Either the default settings or a custom service, if one is available, can be used.
Note.
Default Reply To is optional. Enter a reply-to email address, such as noreply@example.com. This address will override the 'from email' address that is configured for an alert email.
Trigger Configuration:
In the GUI, go to Security Fabric -> Automation -> Create New.
Configure the Name and Action execution as required.
Next, choose Add Trigger -> Create -> (use FortiOS Event Log in the Miscellaneous section) -> name it and add a description -> in the Event section, select 'Admin login successful' and 'Admin logout successful' -> select OK -> select the newly created trigger and select Apply.
Action Configuration:
Go to Add Action -> Create -> use Email, Webhook, Slack, Teams, etc. In this document, Email is used.
Add Name, Description, To -> email-to (email addresses), From -> email-from (email sender name), Subject -> (email subject).
CLI Configuration:
config system automation-action
    edit "Admin login-logout"
        set description "Admin login-logout"
        set action-type email
        set email-to "xyz@fortinet.com"
        set email-from "no-reply@fortinet.com"
        set email-subject "Admin login-logout event triggered"
    next
end
config system automation-trigger
    edit "Admin login-logout"
        set description "Admin login-logout"
        set event-type event-log
        set logid 32001 32003
    next
end
config system automation-stitch
    edit "Admin login-logout"
        set description "Admin login-logout"
        set trigger "Admin login-logout"
        config actions
            edit 1
                set action "Admin login-logout"
                set required enable
            next
        end
    next
end
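To confirm that a configuration backup still contains this wiring, the following added Python example (not part of the original article and not Fortinet tooling) parses the three sections and reports which of log IDs 32001 and 32003 are not sent to an email action by an enabled stitch. The function names and the sample text are constructed for illustration, and the parser assumes single-line values.

```python
import shlex

SAMPLE = """
config system automation-action
    edit "Admin login-logout"
        set action-type email
        set email-to "xyz@fortinet.com"
    next
end
config system automation-trigger
    edit "Admin login-logout"
        set event-type event-log
        set logid 32001 32003
    next
end
config system automation-stitch
    edit "Admin login-logout"
        set trigger "Admin login-logout"
        config actions
            edit 1
                set action "Admin login-logout"
            next
        end
    next
end
"""  # constructed sample, trimmed from this page's CLI configuration

def parse(text):
    """Nest config/edit blocks into dicts; 'set key v1 v2' becomes key -> [v1, v2]."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # assumes single-line values
        if tok and tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok and tok[0] in ("next", "end"):
            stack.pop()
        elif tok and tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
    return stack[0]

def audit(cfg, wanted=("32001", "32003")):
    """Return the wanted log IDs that no enabled stitch sends to an email action."""
    trig, act = (cfg.get(f"system automation-{k}", {}) for k in ("trigger", "action"))
    mail = {n for n, a in act.items() if a.get("action-type") == ["email"] and a.get("email-to")}
    covered = set()
    for stitch in cfg.get("system automation-stitch", {}).values():
        names = {a.get("action", [""])[0] for a in stitch.get("actions", {}).values()}
        if names & mail and stitch.get("status") != ["disable"]:
            covered.update(trig.get(stitch.get("trigger", [""])[0], {}).get("logid", []))
    return sorted(set(wanted) - covered)
```

An empty list from `audit(parse(text))` means both events are covered; any returned log ID has no enabled stitch that emails on it.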
Email Alert Logs: