| Description | This article describes how to export 'Port Change' events for a specific switchport. These events will provide the exact timestamps and reason for VLAN change. This information is helpful to identify patterns and can be used as reference when checking other FortiNAC service logs. |
| Scope | FortiNAC-F, FortiNAC. |
| Solution |
Identify the Location in Network -> Inventory and select the Switchport where the unexpected VLAN change is happening. Select 'Port Changes' tab and on the far right select the Format to be used when exporting the file.
 Figure 1. Example in Filtering and exporting 'Port Change' events
The events listed in 'Port Changes' will not log the VLAN changes performed manually by FortiNAC administrative users through the GUI. These changes can be checked by 'right-clicking' the switchport on the GUI and selecting 'Show Audit logs'.
For wireless scenarios, VLAN changes can be tracked through the 'Network Events' tab.
Related article: Technical Tip: Investigate Policy/Access Enforcement events for Wireless connecting endpoints |
