Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
happyling111
New Contributor II

Created on ‎12-06-2023 07:02 PM

Can syslog collect notifications of setting changes?

Hello all,


Can Fortigate syslog receive routing or VPN "configuration change" notifications?

I know that syslog can receive status change notifications, and change notifications can be sent via email alerts, but I don't know if syslog can receive them.

I've checked, and I don't seem to have seen any instructions for this.

Labels:
1488
0 Kudos
1 Solution
happyling111
New Contributor II

Created on ‎12-07-2023 01:29 AM

Technical Tip: Using syslog free-style filters

os:7.0

View solution in original post

1414
0 Kudos
6 REPLIES 6
smaruvala
Staff
Staff

Created on ‎12-06-2023 09:49 PM

Hi,

 

- Configuration changes can be seen in the events logs in the Firewall. Please refer the below link.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-check-filter-configuration-changes-...

 

- If we put filter of "Object attribute configured" as log description we will see configuration changes. 

- I am not very clear about the second part of your issue. Is the requirement is to send only these logs to syslog from fortigate?

 

Regards,

Shiva

1463
happyling111
New Contributor II
In response to smaruvala

Created on ‎12-06-2023 09:59 PM

Is the requirement is to send only these logs to syslog from fortigate?
yes!

1460
0 Kudos
smaruvala
Staff
Staff
In response to happyling111

Created on ‎12-06-2023 10:20 PM

Hi,

 

- Then you can use filters in the syslog setting in the firewall to do that.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-syslog-filters-on-to-send-only-speci...

- You can see Log ID in the details of the event logs. You can filter and send only the specific log ID. for Example log ID 44547 will be used for object attribute changed in the Firewall.

 

Regards,

Shiva

1454
happyling111
New Contributor II

Created on ‎12-06-2023 10:56 PM

Hello,

After testing, the command within the provided link is functional in version 6.0.l6.
However, with OS 7.0.12, the command in the link is not applicable.
Could you please provide the correct command for filtering logid in this version?

Tks!

1448
0 Kudos
happyling111
New Contributor II

Created on ‎12-07-2023 01:29 AM

Technical Tip: Using syslog free-style filters

os:7.0

1415
0 Kudos
smaruvala
Staff
Staff

Created on ‎12-07-2023 03:01 AM

Hi,

 

Please check the 7.0 document.

https://docs.fortinet.com/document/fortigate/7.0.4/cli-reference/450620/config-log-syslogd-filter

Sample:

config free-style
edit 1
set category event
set filter "(logid 0100044547)"
next
end

 

Regards,

Shiva

1405
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.