We finally had one of our clients virtual Fortigates failover at the weekend which triggered my 'test' trap.rule.
Essentially there are 4 traps: fgTrapHaMemberDown, fgTrapHaHBFail, fgTrapHaStateChange, and fmTrapHASwitch that the rule looks for and if one is triggered by the end device it currently does a:
My logic for the alert states:
Currently I only have the test alert send me an eMail when it triggers.
My question is, can I build out my 'trigger actions' in a similar manner to any of our our standard alerts?
iow, can i use the various $SwisEntity info as I need to be able to punch this info into a batch file which then integrates with our BMC ticketing system?
Trouble is, I don't have access to a test Fortigate to failover so have to wait for one to trigger, so be grateful for anyone that has already travelled this route to advise.