Hi,
I need a simple way or at least the easiest way :) to find the details of configuration changes. Just knowing John changed this rule is not enough. I need details: John added this object to source, removed that destination, changed the protocol and so on. Any help would be appreciated. BTW, desired is to see this on memory and system events log not on syslog messages forwarded to a log server.
Regards,
Solved! Go to Solution.
Hi,
On GUI also, it should be seen.
Please check once you hover the mouse over cfgattr fields.
Best regards,
Jin
Hello,
This info is already available from the system event logs,
date=2022-04-28 time=07:57:33 eventtime=1651125453584236132 tz="+0200" logid="0100044547" type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="john" ui="GUI(10.5.63.254)" action="Edit" cfgtid=12714067 cfgpath="firewall.policy" cfgobj="7" cfgattr="uuid[c2b1795e-c488-51ec-ee70-f00a4eaee6a9]srcaddr[all->IPSec_RICH_172.24.216.50]" msg="Edit firewall.policy 7"
Here you can see john edited firewall rule 7 and changed the source address from 'all' to an address object "IPSec_RICH_172.24.216.50".
Best regards,
Jin
In the system events in GUI, I cannot find these details. Should I enable verbose or detailed logging somewhere or in any way these logs are only available in CLI or syslog messages?
Hi,
On GUI also, it should be seen.
Please check once you hover the mouse over cfgattr fields.
Best regards,
Jin
As the post above mentioned, it is already in the logs, provided you have Log & Report -> Log Settings -> either "All" or "Custom: System activity events" enabled.
Below is screen shot of such log I didn't change any settings on the FOrtigate - all logs are on default:
N.B. I know, not helping immediately - but new FortiOS 7.2 has this awesome feature "Audit Trails" , which will eventually fulfill this need :) https://www.linkedin.com/posts/yurislobodyanyuk_fortigate-activity-6924289976046088192-4N9z?utm_sour...
Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.