Technical Tip: How to check/filter configuration changes logs

It is possible to filter the log to check what objects/settings were configured or changed.

• In Previous FortiOS versions: From GUI, go to Logs & Reports -> Events -> System Events -> Add Filter -> Filter Field: Log Description = Object Attribute Configured or Attribute configured.
• In FortiOS 7.2.x and 7.4.x : From GUI, go to Logs & Reports ->  System Events -> General System Events -> Add Filter -> Filter Field: Log Description = Object Attribute Configured or Attribute configured.

In the log, it is possible to check more about this configuration change.

This particular log was about the change in the static route entry number 2, where the interface was changed from internal1 to default. The change was done in GUI by the user admin.

If the change was made in the GUI console, the user interface would be listed as 'jsconsole'. If the change was done via SSH session, the user interface would be listed as 'ssh'.

If there is a change in the hostname, the log would be filtered as below.

Filter Field: Log Description = Global setting changed.

It is also possible to create an automation stitch to get the alert/summary of configuration changes:

Technical Tip: Using Automation Stitches to produce a summary of Configuration Changes

Related srticle:

Technical Tip: How to configure email alerts for configuration changes on FortiGate using FortiAnaly...