Skip to main content
superlativenickname
superlativenickname
New Member
June 29, 2021
Question

No FortiGate log for admin user creation events

  • June 29, 2021
  • 2 replies
  • 3168 views

Hi there,

Is it normal that FortiOS doesn't log admin user creation events? I figured it was standard practice. I can't find anything regarding admin user events in the log reference. Thank you.

 

While I'm here, I actually have a few more questions about different logged events. For example, is there any reference to explain the difference between Log ID 00003 (Traffic violation - deny) and Log ID 00011 (Failed connection attempts)? To my understanding, these are quite similar. Does log ID 00011 only get logged for TCP syn packets and 00003 for any packet/port/protocol? Thank you!

    2 replies

    cravikumar
    Staff
    cravikumar
    Staff
    July 23, 2024

    No, logs will be generated when you create an admin account on the FortiGate. Refer to the link below.

    https://docs.fortinet.com/document/fortigate/7.2.5/fortios-log-message-reference/44547/44547-logid-event-config-objattr

    mle2802
    Staff
    mle2802
    Staff
    July 23, 2024

    Hi @superlativenickname,

    Did you check under system event as well as change between log location such as memory and FortiGate Cloud?

    Terms & ConditionsAccessibility statement