- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Audit logs in Fortimanager
I am trying to view Audit logs for users in FortiManager 7.4.2 like which user installed a policy or changed an object.
where can i find these ? Do i need to enable any setting for this ?
i tried to check in system settings-> events logs but that section is empty ..only when i select real time in top right i can see any logs there.. is this expected ? or is it a bug in 7.4.2
Thanks
- Labels:
-
FortiManager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have 7.2.2 and I can see the logs (System Settings-> Events Log), e.g.: when I select "Last 1 Hour" the logs are displayed correctly.
This was the default setting and nothing has been changed for that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i m not sure if its a problem with the version ..i m on 7.4.2 and i think it worked fine when i was on 7.4.1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @lostboy10
I would suggest to review the following article:
https://community.fortinet.com/t5/FortiManager/Technical-Tip-FortiManager-FortiAnalyzer-local-event-...
Also, for the local log :
faz.example.com # config system locallog disk setting
(setting)# get
path=system.locallog.disk, objname=setting, tablename=(null), size=336
status : enable
severity : debug <--- All possible events to be saved
upload : disable
server-type : FTP
max-log-file-size : 100
max-log-file-num : 10000
roll-schedule : none
diskfull : overwrite
log-disk-full-percentage: 80
log-disk-quota : 1
Please review that you had enough disk space.
Best,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks..i verifed this and disk space looks fine
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Check if logging is properly configured on your FortiManager device. Ensure that the appropriate log settings are enabled to capture user activities in gb insta.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where do i see that ? i am not sure but is it a kknown problem with forti OS 7.4.2 ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @lostboy10 ,
Do FortiAnalyzer features enabled? You may proceed to perform database rebuild by below command to see it able to rectify the issue.
# execute sql-local rebuild-db