Technical Tip: How to log the debug commands executed from CLI

hrahuman_FTNT · ‎03-31-2021

Description
This article describes how to log the debug commands executed from CLI.

Solution
The 'cli-audit-log' option records the execution of CLI commands in system event logs (log ID 44548).
In addition to execute and config commands, show, get, and diagnose commands are recorded in the system event logs.

The 'cli-audit-log' data can be recorded on memory or disk, and can be uploaded to FortiAnalyzer, FortiGate Cloud, or a syslog server.

To enable the CLI audit log option:

# config system global
set cli-audit-log enable
end

To view system event logs from GUI:
- Go to Log & Report -> Events -> System Events.
- In the log location dropdown, select Memory.
- Select the log entry and select 'Details'.

Run the command from CLI (# show log fortianalyzer setting).

To display the logs from CLI.

# execute log filter device disk
# execute log filter category event
# execute log filter field subtype system
# execute log filter field logid 0100044548
# execute log display

Sample Log.

1: date=2020-11-16 time=10:43:00 eventtime=1605552179970875703 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.225.112)" action="Show" msg="show log fortianalyzer setting"

2: date=2020-11-16 time=10:42:43 eventtime=1605552163502003054 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.225.112)" action="Get" msg="get sys status"

3: date=2020-11-16 time=09:47:04 eventtime=1605548824762387718 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.228.202)" action="Diagnose" msg="diagnose log test"

Technical Tip: How to log the debug commands executed from CLI

You are leaving our website