Description
This article describes how ForitGate use Automation function via webhook to send message to Slack channel, and how to customize information use event log.
Useful link:
Fortinet Documentation:
Webhook action: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/989735/webhook-action
Solution
1) Create New Automation
2) Give automation stitch name
3) Select Trigger method
4) Select Event
5) Select Action
6) Put Slack Channel Information7) Generate Admin login failed eventc3po-kvm52 # dia de app autod -1
Debug messages will be on for 30 minutes.
c3po-kvm52 # dia de ena
c3po-kvm52 # auto_generate_generic_curl_request()-302: Generating generic automation CURL request for action (webhook2slack).
auto_generate_generic_curl_request()-350: Generic automation CURL request POST data for action (webhook2slack):
{"text": "This is for user - admin login failed as log reason - passwd_invalid, ui = ssh(10.56.246.131) log method - ssh from log srcip - 10.56.246.131 , msg - Administrator admin login failed from ssh(10.56.246.131) because of invalid password"}
auto_generate_generic_curl_request()-400: Generic automation CURL request Host header: hooks.slack.com
auto_generic_curl_request_close()-476: Generic CURL request response body from https://hooks.slack.com/services/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
okWhere is the HTTP body parameter come from?Some old version such as 6.0.5 may met HTTP 400 error, please upgrade to 6.2.2
