thenetworksfine
New Member
January 19, 2017
Solved

Detailed Configuration Changes Report


I have been attempting to create a custom report that shows all firewall configuration changes made, for tracking purposes. I do not see a built-in way to use a custom search and output it to a daily report with all detailed results. Can anyone point me in the right direction?

 

I have been using the query below in Log View >> Event >> System

logdesc="Object attribute configured" 

 

I am interested in these columns: Date/Time, Message, User, Config Attributes, Config Object, Config Path and Log Description

 

Product: FortiAnalyzer-200D
Version: 5.4.1 GA

Thank you.

2 replies

thenetworksfine
New Member
June 14, 2017

I was hoping to try once more with my request.

mec313
Answer
New Member
June 15, 2017

You need to create a custom dataset. Set the Log Type to Event. I have a query below that I use for detailed config changes.

 

select to_timestamp(itime) as time, `user` as user, ui, action, cfgpath, cfgobj, cfgattr from $log where $filter and subtype = 'system' and logid in ('0100044544','0100044545','0100044546','0100044547')

 

The message looked like it was made from the cfgpath, cfgobj and cfgattr, so I ended up pulling it out of my report to preserve space, plus I would rather they be split up into their own columns. You can use the field logdesc for the log description. The logid numbers are those for the edits you are after. If you get curious or are comfortable enough with SQL to play with it, the document below can be of great help with field names and values (which is where those numbers came from).

 

docs.fortinet.com/d/fortios-5.4.0-log-reference/download

 

Hope it helps. I just got mine set up yesterday and was looking through the forums when I saw your post.
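
The same filter as the dataset query in the answer above (subtype 'system' plus the four logid values), applied offline to raw key=value event log lines. This is an added example, not part of mec313's post and not Fortinet code; the sample lines are constructed, and their line layout, addresses, object names and logid/logdesc pairing are assumptions.

```python
import re

# logid values copied from the dataset query in the answer above.
CONFIG_CHANGE_LOGIDS = {"0100044544", "0100044545", "0100044546", "0100044547"}
# Columns the question asks for, using the field names from the answer.
COLUMNS = ("date", "time", "user", "ui", "action",
           "cfgpath", "cfgobj", "cfgattr", "logdesc")

# key=value pairs: the value is double-quoted (may hold spaces) or a bare token.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_line(line):
    """Turn one key=value log line into a dict of field name -> value."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def config_changes(lines):
    """Apply the query's filter: subtype 'system' and a config-change logid."""
    rows = []
    for line in lines:
        f = parse_line(line)
        if f.get("subtype") == "system" and f.get("logid") in CONFIG_CHANGE_LOGIDS:
            rows.append({col: f.get(col, "") for col in COLUMNS})
    return rows

# Constructed sample lines, not from a real device; the logid/logdesc pairing,
# addresses and object names are assumptions made for the example.
SAMPLE = [
    'date=2017-01-19 time=10:15:02 logid="0100044546" type="event" '
    'subtype="system" logdesc="Object attribute configured" user="admin" '
    'ui="GUI(192.0.2.10)" action="Edit" cfgpath="firewall.policy" cfgobj="12" '
    'cfgattr="action[deny->accept]" msg="Edit firewall.policy 12"',
    # Unquoted logid and a value containing spaces.
    'date=2017-01-19 time=11:02:40 logid=0100044546 type=event subtype=system '
    'logdesc="Object attribute configured" user="jdoe" ui="ssh(192.0.2.20)" '
    'action=Edit cfgpath="firewall.address" cfgobj="branch net" '
    'cfgattr="comment[->added for audit]"',
    # Same subtype, logid outside the set (constructed value): filtered out.
    'date=2017-01-19 time=11:05:00 logid="0100099999" type="event" '
    'subtype="system" user="admin" ui="GUI(192.0.2.10)" action="login"',
    # A config-change logid on a non-system subtype: filtered out.
    'date=2017-01-19 time=11:06:00 logid="0100044547" type="event" '
    'subtype="vpn" user="admin"',
]

if __name__ == "__main__":
    for row in config_changes(SAMPLE):
        print(" | ".join(row[c] for c in COLUMNS))
```
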

Usib
New Member
October 23, 2023

Thank you for this solution, it was a great help to me.
For the last few days I have been attempting to add the function "change summary" or "audit summary" (a new FTG function where you need to write a comment for every change you make in the FW) to this report, however unsuccessfully. Do you perhaps have a solution for this as well?

Thank you.