Export report for firewall policy created/modified/deleted in last 24 hours

Ravindra_CCIE · ‎04-27-2022

Dear Team,

One of my customer requires report for firewall policy created/modifed/deleted in last 24 hours. He is using both FortiManager and Analyser. Can someone guide me on this ? This is bit urgent.

Regards,

Ravindra

Debbie_FTNT · ‎04-27-2022

Hey Ravindra,

is this for policies created/modified/deleted on FortiGate, or FortiManager?
For FortiGate, it writes log messages when policies are edited. There is a predefined chart for config changes (at least in FortiAnalyzer 7.2) that you could put into the report; you might need to experiment a bit with how many results it shows.

For FortiManager changes, this is a bit more tricky; if the FortiManager logs to FortiAnalyzer, you should have logs of subtype 'objcfg' which are generated when objects are edited/deleted/created, and you could create a simple report to list those logs.

Both these options would cover config changes in general, not just policy changes, though; FortiGate does not generate separate logs for policy changes as opposed to object changes, so it would be tricky to only filter out the logs that deal with policy changes specifically.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

Export report for firewall policy created/modified/deleted in last 24 hours

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website