I have been attempting to create a custom report that shows all firewall configuration changes made, for tracking purposes. I do not see a built-in way to use a custom search and output it to a daily report with all detailed results. Can anyone point me in the right direction?
I have been using the query below in Log View >> Event >> System:
logdesc="Object attribute configured"
I am interested in these columns: Date/Time, Message, User, Config Attributes, Config Object, Config Path and Log Description
Product: FortiAnalyzer-200D
Version: 5.4.1 GA
Thank you.
You need to create a custom dataset. Set the Log Type to Event. I have a query below that I use for detailed config changes.
select to_timestamp(itime) as time, `user` as user, ui, action, cfgpath, cfgobj, cfgattr from $log where $filter and subtype = 'system' and logid in ('0100044544','0100044545','0100044546','0100044547')
The message looked like it was made from the cfgpath, cfgobj and cfgattr, so I ended up pulling it out of my report to preserve space, plus I would rather they be split up into their own columns. You can use the field logdesc for the log description. The logid numbers are those for the edits you are after. If you get curious or are comfortable enough with SQL to play with it, the document below can be of great help with field names and values (which is where those numbers came from).
docs.fortinet.com/d/fortios-5.4.0-log-reference/download
Hope it helps. I just got mine set up yesterday and was looking through the forums when I saw your post.
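An added example, not part of the original answer and not Fortinet code: the same filter (subtype system plus the four logid values from the query above) applied offline in Python to exported raw log lines, producing the report columns as CSV. The key=value line layout, the date/time fields and the sample lines are assumptions constructed for illustration.

```python
import csv
import io
import re

# logid values taken from the dataset query in the answer above.
CONFIG_CHANGE_LOGIDS = {"0100044544", "0100044545", "0100044546", "0100044547"}
# Report columns: the fields named in the question and in the answer's query.
COLUMNS = ["time", "user", "ui", "action", "cfgpath", "cfgobj", "cfgattr", "logdesc"]

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
PAIR_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_line(line):
    """Turn one raw key=value log line into a dict (assumed line layout)."""
    return {k: (q if q else b) for k, q, b in PAIR_RE.findall(line)}

def config_changes(lines):
    """Yield one report row per configuration-change event."""
    for line in lines:
        rec = parse_line(line)
        if rec.get("subtype") != "system" or rec.get("logid") not in CONFIG_CHANGE_LOGIDS:
            continue  # matched on the parsed logid field, never on a substring of the line
        row = {c: rec.get(c, "") for c in COLUMNS}
        # Assumption: raw lines carry separate date= and time= fields.
        row["time"] = f'{rec.get("date", "")} {rec.get("time", "")}'.strip()
        yield row

def to_csv(rows):
    """Render rows as CSV text with a header line."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

# Constructed sample lines (illustrative values, not captured from a device).
SAMPLE = [
    'date=2016-09-14 time=10:32:01 logid=0100044547 type=event subtype=system user="admin" ui="GUI(192.0.2.10)" action=Edit cfgpath="firewall.policy" cfgobj="12" cfgattr="status[enable->disable]" logdesc="Object attribute configured" msg="Edit firewall.policy 12"',
    'date=2016-09-14 time=10:40:12 logid=0100032001 type=event subtype=system user="admin" ui="GUI(192.0.2.10)" action=login logdesc="Admin login successful" msg="note logid=0100044547 mentioned in text"',
    'date=2016-09-14 time=11:05:44 logid=0100044546 type=event subtype=system user="jdoe" ui="ssh(192.0.2.22)" action=Add cfgpath="firewall.address" cfgobj="web-srv" cfgattr="subnet[198.51.100.5 255.255.255.255]" logdesc="Attribute configured" msg="Add firewall.address web-srv"',
]

if __name__ == "__main__":
    print(to_csv(config_changes(SAMPLE)), end="")
```

The second sample line carries a config-change logid only inside its quoted msg text, so a plain text search would count it while the field-level filter does not.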
I was hoping to try once more with my request.
Thank you for this solution, it was a great help to me.
For the last few days I have been attempting to add the "change summary" or "audit summary" function (a new FTG function where you need to write a comment on every change you make in the FW) to this report, however unsuccessfully. Do you perhaps have a solution for this as well?
Thank you.