Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mhdganji
Contributor II

Created on ‎04-27-2022 05:54 AM

Detailed log of configuration changes

Hi,

 

I need a simple way or at least the easiest way :) to find the details of configuration changes. Just knowing John changed this rule is not enough. I need details: John added this object to source, removed that destination, changed the protocol and so on. Any help would be appreciated. BTW, desired is to see this on memory and system events log not on syslog messages forwarded to a log server.

 

Regards,

M. Ganji, Network & Security Expert.
M. Ganji, Network & Security Expert.
Labels:
55005
1 Solution
jintrah_FTNT
Staff
Staff
In response to mhdganji

Created on ‎04-28-2022 07:55 AM

Hi,

 

On GUI also, it should be seen. 

Please check once you hover the mouse over cfgattr fields.

 

Best regards, 

Jin

View solution in original post

54981
6 REPLIES 6
jintrah_FTNT
Staff
Staff

Created on ‎04-27-2022 11:15 PM

Hello,

 

This info is already available from the system event logs,

 

date=2022-04-28 time=07:57:33 eventtime=1651125453584236132 tz="+0200" logid="0100044547" type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="john" ui="GUI(10.5.63.254)" action="Edit" cfgtid=12714067 cfgpath="firewall.policy" cfgobj="7" cfgattr="uuid[c2b1795e-c488-51ec-ee70-f00a4eaee6a9]srcaddr[all->IPSec_RICH_172.24.216.50]" msg="Edit firewall.policy 7"

 

Here you can see john edited firewall rule 7 and changed the source address from 'all' to an address object "IPSec_RICH_172.24.216.50".

 

Best regards,

Jin

54935
mhdganji
Contributor II
In response to jintrah_FTNT

Created on ‎04-28-2022 06:30 AM

In the system events in GUI, I cannot find these details. Should I enable verbose or detailed logging somewhere or in any way these logs are only available in CLI or syslog messages?

M. Ganji, Network & Security Expert.
M. Ganji, Network & Security Expert.
54927
0 Kudos
jintrah_FTNT
Staff
Staff
In response to mhdganji

Created on ‎04-28-2022 07:55 AM

Hi,

 

On GUI also, it should be seen. 

Please check once you hover the mouse over cfgattr fields.

 

Best regards, 

Jin

54982
lunhas2k4
New Contributor III
In response to jintrah_FTNT

Created on ‎09-18-2022 05:03 AM

Hi @jintrah_FTNT , what version of the FortiOS is this available on. I am running 6.4.6 and don't find this field on the log. 

Carlitos loves firewalls

NSE4 (5.4,6.0)

NSE5 (Fortimanager 6.0, Fortianalyzer 6.0)

NSE7 (Enterprise Firewall 6.0)

Carlitos loves firewalls NSE4 (5.4,6.0) NSE5 (Fortimanager 6.0, Fortianalyzer 6.0) NSE7 (Enterprise Firewall 6.0)
52958
0 Kudos
jintrah_FTNT
Staff
Staff
In response to lunhas2k4

Created on ‎09-20-2022 01:34 AM

Hi,

I just checked on version 6.4.6 by creating a testobject and I could see the fields in the system event logs.

 

jintrah_FTNT_0-1663662815088.png

best regards,

Jin

 

 

52903
0 Kudos
Yurisk
SuperUser
SuperUser

Created on ‎04-28-2022 09:25 AM

As the post above mentioned, it is already in the logs, provided you have Log & Report -> Log Settings -> either "All" or "Custom: System activity events" enabled. 

Below is screen shot of such log I didn't change any settings on the FOrtigate - all logs are on default:

 

ftnt-forums-log.png 

 

N.B. I know, not helping immediately - but new FortiOS 7.2 has this awesome feature "Audit Trails" , which will eventually fulfill this need :) https://www.linkedin.com/posts/yurislobodyanyuk_fortigate-activity-6924289976046088192-4N9z?utm_sour...

 

 

Yuri Slobodyanyuk
Yuri Slobodyanyuk
54919
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.