FortiGate
mpeddalla
Staff
Article Id 358283
Description

This article describes how to track and verify configuration changes on the FortiGate.
Scope

FortiGate v7.2.x and above.

Solution

When there is a requirement to audit changes to the firewall configuration, use the steps below to filter and download logs:

 

Navigate to 'Log & Report' -> 'System Events' and ensure 'General System Events' is selected near the top right of the pane. 

 

Example 1: 

 

exampleusercreationlogs.png


In the screenshot, the administrator 'admin' created the local firewall user 'sslvpn'.

 

addingusertogrouplog.png


Another log shows the same user 'sslvpn' being added to the group 'sslvpn'.

 

Example 2: 

 

kb1.png


In the above log, the administrator 'admin' created a new firewall policy named 'Policytointernet'.

 

Example 3: 

 

kb2-1.png

 

As in the earlier logs, the above screenshot shows that the administrator 'admin' changed the DNS server from 96.45.45.45 to 8.8.8.8.

 

With the filter feature, the settings described in the articles below can be used to narrow the results to more precise logs by adjusting the time and date.

Technical Tip: How to apply filters in forward traffic logs

Technical Tip: Filtering for security event logs on FortiOS version 7.2

 

To download the retrieved logs, use the steps in the article below.

Technical Tip: How to download Logs from FortiGate GUI
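Once the log file has been downloaded, the same audit can be repeated offline. The script below is an added example, not part of the original article or any Fortinet tooling: it assumes the downloaded file uses the key=value log layout with `user`, `ui`, `action`, `cfgpath`, `cfgobj` and `cfgattr` fields and that attribute changes appear as `attr[old->new]`. The sample lines, timestamps, source address and policy ID are constructed to mirror the three examples above.

```python
import re

# Constructed sample in FortiOS key=value log style; not captured from a real device.
# Assumption: the downloaded file carries user, ui, action, cfgpath, cfgobj and cfgattr.
SAMPLE_LOG = """\
date=2024-11-20 time=09:58:40 type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="https(192.0.2.10)" action="login" msg="Administrator admin logged in"
date=2024-11-20 time=10:01:12 type="event" subtype="system" user="admin" ui="GUI(192.0.2.10)" action="Add" cfgpath="user.local" cfgobj="sslvpn" cfgattr="type[password]" msg="Add user.local sslvpn"
date=2024-11-20 time=10:02:05 type="event" subtype="system" user="admin" ui="GUI(192.0.2.10)" action="Edit" cfgpath="user.group" cfgobj="sslvpn" cfgattr="member[sslvpn]" msg="Edit user.group sslvpn"
date=2024-11-20 time=10:07:30 type="event" subtype="system" user="admin" ui="GUI(192.0.2.10)" action="Add" cfgpath="firewall.policy" cfgobj="2" cfgattr="name[Policytointernet]" msg="Add firewall.policy 2"
date=2024-11-20 time=10:15:44 type="event" subtype="system" user="admin" ui="GUI(192.0.2.10)" action="Edit" cfgpath="system.dns" cfgattr="primary[96.45.45.45->8.8.8.8]" msg="Edit system.dns"
"""

PAIR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')      # key=value or key="quoted value"
CHANGE_RE = re.compile(r'([\w-]+)\[([^\[\]]*?)->([^\[\]]*)\]')  # attr[old->new] (assumed form)

def parse_line(line):
    """Split one log line into a dict, dropping the quotes around quoted values."""
    fields = {}
    for key, value in PAIR_RE.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields

def config_changes(log_text, admin=None):
    """Return one record per configuration change, optionally for a single admin."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if "cfgpath" not in rec:  # logins and other events that change no configuration
            continue
        if admin is not None and rec.get("user") != admin:
            continue
        out.append({
            "when": f'{rec.get("date", "?")} {rec.get("time", "?")}',
            "admin": rec.get("user", "?"),
            "source": rec.get("ui", "?"),
            "action": rec.get("action", "?"),
            "path": rec["cfgpath"],
            "object": rec.get("cfgobj", ""),
            "attr": rec.get("cfgattr", ""),
            "changes": CHANGE_RE.findall(rec.get("cfgattr", "")),  # (attr, old, new)
        })
    return out

if __name__ == "__main__":
    for c in config_changes(SAMPLE_LOG):
        print(c["when"], c["admin"], c["source"], c["action"], c["path"], c["object"], c["attr"])
```

Keeping the `ui` value in each record shows whether a change came from the GUI or another interface and from which source address, which is usually the first question in a change audit.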