This is a quick reference on how to configure an Automation Stitch for CPU threshold on a Fortigate.
Please note that I configured this on Fortigate Firmware 6.2.7. You will also need to ensure that SMTP is setup on the Fortigate.
1. Configure CPU Threshold
This is the value at which point the Fortigate will generate a log for CPU usage.
conf system global set cpu-use-threshold 50
2. Configure Automation Stitch
2.1.1 Create New
This can be found under Security Fabric / Automation
2.1.2 Select Trigger for Email
In this case CPU Usage Statistics which is under FortiOS Event Log option.
2.1.3 Select Email
Add the email address that you want the alerts sending to.
Configure the SMTP server email configured in step 1 as the “email-from”
config system automation-action edit "Nameofstitch_email" set action-type email set email-to "email@example.com" set email-from "firstname.lastname@example.org" set email-subject "configuration change" set email-body "%%log%%" set minimum-interval 60 set delay 0 set required disable next end
In order to test this you will need to generate enough traffic to peak the CPU past the minimum 50% . You could use a network stress tester to achieve this. Adding logging, UTM and turning off the CPU offloading on the firewall policy will increase CPU usage.
Thank you for reading and please feel free to leave any feedback.