Technical Tip: System events shows log message 'User daemon_admin added IPv4 firewall local in policy 1 from cmdbsvr'

parteeksharma · ‎07-10-2023

Description

This article describes the case when system events show the log message 'User daemon_admin added IPv4 firewall local in policy 1 from cmdbsvr'.

Scope

FortiGate v7.2.x.

Solution

When FortiGate has a firewall local-in-policy, after the FortiGate reboot or upgrade, there is an event log created as below:

date=2023-06-23 time=18:08:52 eventtime=1687523865000462096 tz="+0530" logid="0100032172" type="event" subtype="system" level="notice" vd="root" logdesc="IPv4 firewall local in policy added" user="daemon_admin" ui="cmdbsvr" seq="1" dintf="dmz" saddr="Dialup_range" daddr="all" act="accept" status="enable" iptype="ipv4" msg="User daemon_admin added IPv4 firewall local in policy 1 from cmdbsvr"

This log message in the System event logs is an expected behavior and is generated when rebooting the firewall system processes, which will load the config from CMDB to memory, and add the local-in-policy.

There could also be logs of changes made by the daemon_admin user, such as changes in hostname or the timeout setting, these are expected in the event of a reboot or firewall upgrade.

Technical Tip: System events shows log message 'User daemon_admin added IPv4 firewall local in policy 1 from cmdbsvr'

Description

Scope

Solution

You are leaving our website