There are some situations where there will be some new changes or implementation on the firewall, and auditing of these logs might be needed at some point.

To audit these logs: Log & Report -> System Events -> Select General System Events.

In this example, the primary DNS server was changed on the FortiGate by the admin user.

Note: In a Multi-VDOM case, admin login information can be seen in the management VDOM. For example, if the root VDOM is the management VDOM, then system event logs will be present in the root VDOM.

Importance:
Auditing admin logs in FortiGate is of prime importance for several reasons:

1. Security: Ensuring only authorized changes are made. Any unauthorized or suspicious change can be quickly identified and addressed.

2. Accountability: Associating every change with a user ensures that individuals are held accountable for their actions. This discourages any rogue changes and promotes responsibility.

3. Troubleshooting: If any misconfiguration causes network disruptions, having an audit trail helps in quickly identifying the root cause and rectifying it.

4. Regulatory and Compliance Needs: Many industries have regulations mandating the monitoring and logging of administrative changes for audit purposes.

5. Historical Record: Maintaining a log provides a historical record of changes, which can be useful for training, understanding the evolution of the network setup, or reverting to a previous configuration if needed.

In essence, keeping a vigilant eye on the administrative logs in FortiGate ensures the smooth and secure functioning of the network infrastructure. It acts as a first line of defense against inadvertent errors or malicious activities, ensuring the stability and security of the network ecosystem.