FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
salmas
Staff
Staff
Article Id 269484
Description This article describes how to check/filter configuration changes logs.
Scope FortiGate.
Solution

It is possible to filter the log to check what objects/settings were configured or changed.

 

  • In Previous FortiOS versions: From GUI, go to Logs & Reports -> Events -> System Events -> Add Filter -> Filter Field: Log Description = Object Attribute Configured or Attribute configured.
  • In FortiOS 7.2.x and 7.4.x : From GUI, go to Logs & Reports ->  System Events -> General System Events -> Add Filter -> Filter Field: Log Description = Object Attribute Configured or Attribute configured.

 

 
Screenshot 2023-08-20 102425.png

 

In the log, it is possible to check more about this configuration change.

 

Object configures.png

This particular log was about the change in the static route entry number 2, where the interface was changed from internal1 to default. The change was done in GUI by the user admin.

If the change was made in the GUI console, the user interface would be listed as 'jsconsole'. If the change was done via SSH session, the user interface would be listed as 'ssh'.

 

If there is a change in the hostname, the log would be filtered as below.

 

Filter Field: Log Description = Global setting changed.

 

Screenshot 2023-08-20 105307.png

 

It is also possible to create an automation stitch to get the alert/summary of configuration changes:

Technical Tip: Using Automation Stitches to produce a summary of Configuration Changes

 

Related srticle:

Technical Tip: How to configure email alerts for configuration changes on FortiGate using FortiAnaly...

Contributors