yeowkm99
New Member
September 14, 2022
Solved

timestamp of configuration changes alert

We have enabled the configuration change alert in our FortiGate under Security Fabric->Automation->Configuration Change.

E.g. the timestamp and email were sent out at 14 Sept 8.18am when no users logged in to the firewall to make changes.

[Attachment: configchange.JPG]

pminarik
Staff
Best answer
September 14, 2022

Hi yeowkm99,

 

The config change condition is triggered when the System event log ID 32102 (LOG_ID_CHG_CONFIG) is logged. One peculiarity about this event is that it is logged only when the admin user finally logs out (i.e. it is not recorded live as changes happen). So the most likely explanation would be that someone made some changes, forgot to log out, and when their session expired and they were automatically logged out, the config change event got finally recorded.
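
Added example, not part of the original thread and not Fortinet code: it pairs each 32102 event with the admin session it was logged for, so the alert time can be read as the logout time and the login-to-logout window as the period in which the change was actually made. The sample lines are constructed, and the login/logout IDs (32001, 32003), the `reason` field and the `user`/`ui` correlation are assumptions.

```python
import re
from datetime import datetime

# Constructed sample lines in FortiOS key=value style (not from the original post).
# Assumptions: IDs 32001 (admin login) and 32003 (admin logout), and the field
# names; verify them against the log reference for your FortiOS version.
SAMPLE = """\
date=2022-09-14 time=07:31:40 logid="0100032001" user="admin1" ui="https(10.0.0.5)" msg="login"
date=2022-09-14 time=08:18:03 logid="0100032102" user="admin1" ui="GUI(10.0.0.5)" msg="config changed"
date=2022-09-14 time=08:18:03 logid="0100032003" user="admin1" ui="https(10.0.0.5)" reason="timeout"
"""
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
LOGIN, LOGOUT, CHG_CONFIG = "32001", "32003", "32102"

def parse(line):
    rec = {k: q or bare for k, q, bare in FIELD.findall(line)}
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
    rec["event"] = rec["logid"][-5:]  # trailing digits of logid identify the message
    src = re.search(r"\(([^)]+)\)", rec.get("ui", ""))
    rec["key"] = (rec.get("user"), src.group(1) if src else rec.get("ui"))
    return rec

def change_windows(text):
    """Map each 32102 event to the admin session (login..logout) it belongs to."""
    recs = sorted((parse(l) for l in text.splitlines() if l.strip()),
                  key=lambda r: r["ts"])
    sessions, open_at = [], {}
    for r in recs:
        if r["event"] == LOGIN:
            open_at[r["key"]] = r["ts"]
        elif r["event"] == LOGOUT:
            sessions.append((r["key"], open_at.pop(r["key"], None), r["ts"],
                             r.get("reason", "")))
    out = []
    for r in (x for x in recs if x["event"] == CHG_CONFIG):
        # The change itself happened somewhere inside this window, not at logged_at.
        match = next((s for s in sessions if s[0] == r["key"]
                      and (s[1] is None or s[1] <= r["ts"]) and r["ts"] <= s[2]), None)
        out.append({"user": r["key"][0], "logged_at": r["ts"],
                    "session_start": match[1] if match else open_at.get(r["key"]),
                    "session_end": match[2] if match else None,
                    "timed_out": bool(match) and match[3] == "timeout"})
    return out

if __name__ == "__main__":
    for w in change_windows(SAMPLE):
        print(w)
```

A result with `timed_out` set and a `session_start` well before `logged_at` matches the scenario described in the answer: the change was made earlier in the session and only logged when the idle session expired.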