FortiGate
arcabah
Staff
Article Id 307787
Description

This article describes how to configure an Automation Stitch that runs a packet capture at a chosen time (for example, overnight). A scheduled trigger starts the built-in sniffer on a given interface, filtered to one host and port, and a second scheduled stitch stops the sniffer one hour later; the capture output is then sent by email.


Scope

FortiGate.


Solution

Configure the Automation Stitch in the CLI. It consists of three actions (start the sniffer, stop the sniffer, email the result), two scheduled triggers, and two stitches that tie them together:


Action:


config sys automation-action
     edit "Sniffer"
          set action-type cli-script
          set script "diagnose sniffer packet <Interface> \'host <HOST_NAME> and port <PORT_NAME>\' 6 0 l"
          set accprofile "super_admin"
     next
     edit "Sniffer_Stop"
          set action-type cli-script
          set script "# exec auto-script stop Sniffer"
          set accprofile "super_admin"
     next
     edit "Send-to-email"
          set action-type email
          set email-to "xxxxx@mail.com"
          set email-subject "Packet_Capture"
          set minimum-interval 300
          set message "%%results%%"
     next
end


Trigger:


config system automation-trigger
     edit "Sniffer"
          set trigger-type scheduled
     next
     edit "Sniffer_Stop"
          set trigger-type scheduled
          set trigger-hour 1
     next
end


Automation stitch:


config system automation-stitch
     edit "Sniffer"
          set trigger "Sniffer"
          config actions
               edit 1
                    set action "Sniffer"
                    set required enable
               next
               edit 2
                    set action "Send-to-email"
                    set required enable
               next
          end
     next
     edit "Sniffer_Stop"
          set trigger "Sniffer_Stop"
          config actions
               edit 1
                    set action "Sniffer_Stop"
                    set required enable
               next
          end
     next
end


Replace <Interface>, <HOST_NAME> and <PORT_NAME> with the interface to capture on and the host and port to filter on. In the sniffer command, '6' is the verbosity level (packet headers plus a hex dump of the packet data from the Ethernet header, with the interface name), '0' means no packet-count limit, and 'l' stamps each packet with the local date and time. trigger-hour is the hour of the day on a 24-hour clock, not a duration: the Sniffer_Stop trigger above fires at 01:00, so the Sniffer trigger needs trigger-hour 0 (and trigger-minute, if a start time other than the full hour is wanted) for the capture to run for one hour. Because the Send-to-email action places %%results%% in the message body, the mailbox receives the complete capture text, payload included, so address it to a mailbox suited to that data.
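What arrives in the mailbox is the sniffer's plain-text output, not a pcap, so triage of an overnight capture usually starts with a small script. The following Python is an added example, not Fortinet code and not part of the original article: it parses the one-line packet summaries that verbosity 6 with the 'l' timestamp option produces, skips the banner and hex-dump rows, and reports which peers talked to the filtered host, which of them the host answered with a reset, and how long the capture spanned. The sample text, the Packet class and the helper names parse_sniffer and summarize are all constructed for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the shape of the output of
#   diagnose sniffer packet port1 'host 10.0.0.5 and port 443' 6 0 l
# (verbosity 6 = headers plus hex dump, "l" = local-time timestamps). These lines are
# made up for this example and are not a real capture; the hex dump rows are shown only
# for the first packet to keep the sample short.
SAMPLE = """\
interfaces=[port1]
filters=[host 10.0.0.5 and port 443]
2024-03-02 02:00:01.104233 port1 in 192.168.1.10.51234 -> 10.0.0.5.443: syn 3314502142
0x0000   0050 5689 1a2b 0050 5689 3c4d 0800 4500   .PV....PV.<M..E.
0x0010   003c 1c46 4000 4006 b1e6 c0a8 010a 0a00   .<.F@.@.........
0x0020   0005 c832 01bb c593 f87e 0000 0000 a002   ...2.....~......
2024-03-02 02:00:01.104512 port1 out 10.0.0.5.443 -> 192.168.1.10.51234: syn 1991271521 ack 3314502143
2024-03-02 02:00:01.105001 port1 in 192.168.1.10.51234 -> 10.0.0.5.443: ack 1991271522
2024-03-02 02:00:02.000100 port1 in 192.168.1.10.51234 -> 10.0.0.5.443: psh 3314502143 ack 1991271522
2024-03-02 02:13:40.220000 port1 in 172.16.4.9.40001 -> 10.0.0.5.443: syn 555000111
2024-03-02 02:13:40.220500 port1 out 10.0.0.5.443 -> 172.16.4.9.40001: rst 0 ack 555000112
"""


@dataclass
class Packet:
    ts: datetime
    intf: str
    direction: str      # "in" = received on intf, "out" = sent from intf
    src: str
    sport: int
    dst: str
    dport: int
    flags: list         # tokens after the colon, e.g. ["syn", "1991271521", "ack", "3314502143"]


# One packet summary line: "<local timestamp> <intf> <in|out> <src>.<sport> -> <dst>.<dport>: <flags...>"
PKT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<intf>\S+) (?P<dir>in|out|--) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): ?(?P<flags>.*)$"
)


def parse_sniffer(text: str) -> list:
    """Return the packet summary lines as Packet objects.

    The interfaces=/filters= banner, the "0x0000 ..." hex dump rows and blank lines
    do not match PKT_RE and are skipped.
    """
    packets = []
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if m is None:
            continue
        packets.append(Packet(
            ts=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f"),
            intf=m["intf"],
            direction=m["dir"],
            src=m["src"], sport=int(m["sport"]),
            dst=m["dst"], dport=int(m["dport"]),
            flags=m["flags"].split(),
        ))
    return packets


def summarize(packets: list, host: str) -> dict:
    """Per-peer packet counts for the filtered host, peers it reset, and the capture span."""
    per_peer = Counter()
    reset_peers = set()
    for p in packets:
        peer = p.dst if p.src == host else p.src   # the other end of the conversation
        per_peer[peer] += 1
        if p.src == host and "rst" in p.flags:      # host refused or tore down the connection
            reset_peers.add(peer)
    span = (packets[-1].ts - packets[0].ts).total_seconds() if packets else 0.0
    return {
        "packets": len(packets),
        "per_peer": dict(per_peer),
        "reset_by_host": sorted(reset_peers),
        "duration_seconds": span,
    }


if __name__ == "__main__":
    print(summarize(parse_sniffer(SAMPLE), "10.0.0.5"))
```

Feed the script the saved email body in place of SAMPLE and pass the same host you put in the sniffer filter; the per_peer counts are a quick way to spot an unexpected client in the overnight window before reading the hex dumps by hand.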
