How to configure an Automation Stitch (email alert) for CPU threshold on a Fortigate.

This is a quick reference on how to configure an Automation Stitch for CPU threshold on a Fortigate.

Please note that I configured this on Fortigate Firmware 6.2.7. You will also need to ensure that SMTP is setup on the Fortigate.

1. Configure CPU Threshold

This is the value at which point the Fortigate will generate a log for CPU usage.

conf system global
set cpu-use-threshold 50

2. Configure Automation Stitch

2.1 GUI

2.1.1 Create New

This can be found under Security Fabric / Automation

2.1.2 Select Trigger for Email

In this case CPU Usage Statistics which is under FortiOS Event Log option.

2.1.3 Select Email

Add the email address that you want the alerts sending to.

2.2 CLI

Configure the SMTP server email configured in step 1 as the “email-from”

config system automation-action
    edit "Nameofstitch_email"
        set action-type email
        set email-to ""
        set email-from ""
        set email-subject "configuration change"
        set email-body "%%log%%"
        set minimum-interval 60
        set delay 0
        set required disable

4. Test

In order to test this you will need to generate enough traffic to peak the CPU past the minimum 50% . You could use a network stress tester to achieve this. Adding logging, UTM and turning off the CPU offloading on the firewall policy will increase CPU usage.

Thank you for reading and please feel free to leave any feedback.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s