FortiGate
Nivedha
Staff
Article Id: 240696
Description: This article describes how to create an automation stitch for the conserve mode.
Scope: FortiGate v6.4 and above. FortiOS 7.2.6 and 7.4.0 and above will support a 192KB buffer limit.
Solution

FortiGate by default turns on conserve mode when memory consumption reaches 85%.

 

Read the following articles to better understand how conserve mode is triggered:


Technical Tip: How conserve mode is triggered.
Technical Tip: Conserve mode changes.

It is possible to create an automation stitch that collects the relevant logs when conserve mode is triggered. This is essential for support engineers to understand which process is consuming the most memory.

 

To create an automation stitch, check the following steps:

 

  1. FortiGate version 6.4.x.

Using the GUI:

  • Navigate to Security Fabric -> Automation -> Create New.
  • Name the automation stitch.
  • Under the trigger column, select FortiOS event log.
  • Select Memory conserve mode entered.
  • Under Action, enable CLI Script and Email.
  • Under the CLI script, edit the following:

    Name of the automation script.

    Select the super_admin profile.

    In the CLI script, enter the following:

    For non-VDOM based environment:

        diagnose sys top-mem
        execute tac report

    For VDOM-based environment:

        config global
        diagnose sys top-mem
        execute tac report

  • Under the Email section, add the 'to' email address and the preferred subject, then change the email body to %%results%% and save.

 

Using the CLI:

When entering the script value, press Enter after 'diagnose sys top-mem' so that 'exec tac report' starts on its own line inside the quotes.

config system automation-action
    edit "Script"
        set action-type cli-script
        set script "diagnose sys top-mem
exec tac report"
        set accprofile "super_admin"
    next
    edit "Conserve mode_email"
        set action-type email
        set email-to "<email id>"
        set email-subject "Conserve mode"
        set message "%%results%%"
    next
end

config system automation-stitch
    edit "Conserve mode"
        set trigger "Conserve mode"
        set action "Script" "Conserve mode_email"
    next
end

 

  2. FortiGate v7.0, v7.2 and v7.4.

Using the GUI:

  • Navigate to Security Fabric -> Automation -> Under Stitch tab Create New.
  • Name the Stitch.
  • Add Trigger -> Create -> Conserve mode -> Name the trigger -> Apply.
  • Add Action -> Create CLI script -> Name the CLI script and, under Script, type the following.

    For non-VDOM based environment:

        diagnose sys top-mem
        execute tac report

    For VDOM-based environment:

        config global
        diagnose sys top-mem
        execute tac report

  • Select admin profile as super_admin -> Ok -> Apply.
  • Select the '+' sign to add another action.
  • Add Action -> Email -> Name the action.
  • Add the 'to' email address and the preferred subject, and change the email body to %%results%%.
  • Select 'Ok', Apply, and save the automation script.
  • Once saved, select the name and then select test-automation script.

 

Using the CLI:

When entering the script value, press Enter after 'diagnose sys top-mem' so that 'exec tac report' starts on its own line inside the quotes.

config system automation-action
    edit "Script"
        set action-type cli-script
        set script "diagnose sys top-mem
exec tac report"
        set accprofile "super_admin"
    next
    edit "Conserve mode_email"
        set action-type email
        set email-to "<email id>"
        set email-subject "Conserve mode"
        set message "%%results%%"
    next
end

config system automation-trigger
    edit "Conserve mode trigger"
        set event-type low-memory
    next
end

config system automation-stitch
    edit "Conserve mode"
        set trigger "Conserve mode trigger"
        config actions
            edit 1
                set action "Script"
                set required enable
            next
            edit 2
                set action "Conserve mode_email"
                set required enable
            next
        end
    next
end

Note: By design the maximum buffer size is 16KB so the output will not exceed this value.

FortiOS 7.2.6 and 7.4.0 and above will support a 192KB buffer limit.
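
The following Python helper is an added example, not part of the original article or any Fortinet tooling. It triages one emailed %%results%% body by ranking the top-mem processes and flagging output that fills the buffer limit from the note above. The top-mem line shape "<process> (<pid>): <n>kB", the three-part version string, the fill-based truncation heuristic and all sample values are assumptions constructed for illustration.

```python
import re

KB = 1024

# Assumed line shape for 'diagnose sys top-mem' output: "<process> (<pid>): <n>kB".
PROC_RE = re.compile(r"^[ \t]*(\S+) \((\d+)\): (\d+)kB[ \t]*$", re.M)

def buffer_limit(version: str) -> int:
    """Output buffer in bytes: 192KB on 7.2.6+ and 7.4.0+, otherwise 16KB."""
    v = tuple(int(part) for part in version.split("."))
    if v >= (7, 4, 0) or (7, 2, 6) <= v < (7, 3, 0):
        return 192 * KB
    return 16 * KB

def triage(results: str, version: str, slack: int = 64) -> dict:
    """Summarise one emailed %%results%% body from the conserve mode stitch."""
    limit = buffer_limit(version)
    size = len(results.encode("utf-8"))
    procs = [(name, int(pid), int(kb)) for name, pid, kb in PROC_RE.findall(results)]
    procs.sort(key=lambda p: p[2], reverse=True)
    return {
        "limit": limit,
        "size": size,
        # Heuristic: a body that fills the buffer was most likely cut off.
        "likely_truncated": size >= limit - slack,
        "top": procs,
    }

# Constructed sample: top-mem lines first (as in the script), then filler
# standing in for 'execute tac report' output, cut at 16KB.
SAMPLE = (
    "node (2101): 72736kB\n"
    "ipsengine (2144): 158468kB\n"
    "wad (2170): 96120kB\n"
    "Top-3 memory used: 327324kB\n"
    + "tac-report-line\n" * 2000
)[:16 * KB]

if __name__ == "__main__":
    for ver in ("7.0.12", "7.4.1"):
        r = triage(SAMPLE, ver)
        print(ver, r["size"], r["limit"], r["likely_truncated"], r["top"][0])
```

Because diagnose sys top-mem runs first in the script, its lines sit at the start of the buffer and survive even when the TAC report portion is cut off.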