Fortimanager Config Change Report

rikbignell · ‎02-18-2016

Hi,

What is the best way to generate a log / report and email it showing all the config changes to devices on the manager?

Our change management are looking for a log of who is making changes and what changes are being made.

We are on a Fortimanager 400B on 5.0.11

scao_FTNT · ‎02-18-2016

you can see event log like below one

2016-02-18 15:27:20 log_id=0021030002 type=event subtype=objcfg pri=notice user="admin" userfrom="GUI(10.2.0.250)" msg="dev=global,adom=root,type=fw_policy,key=2,act=add,pkgname=111,dstaddr=all,dstintf=any,logtraffic=all,policyid=2,schedule=always,service=ALL,srcaddr=all,srcintf=any" adom="root"

rikbignell · ‎02-23-2016

I can see the event log on the manager showing the info i need. I just cant seem to work out how to get the event logs to trigger in event management for the manager itself?

sgao_FTNT · ‎02-24-2016

Please enable FAZ feature first then you can define a local event log based event handler (please select root ADOM if enabled ADOM)

here is an example for alert triggered by config change event log

Fortimanager Config Change Report

Nominate a Forum Post for Knowledge Article Creation