Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kutty7
New Contributor

Created on ‎07-19-2023 08:27 AM

How to check who executed script in fortimanager?

Hello, is there an option to determine who executed the script knowing the exact date of execution of the script? Someone executed a script that did a lot of damage, I managed to repair it but I don't know if it was sabotage/attack or just an employee error (Fortimanager software from the 6.2.X/6.4.X series)

router login 192.168.l.l
router login 192.168.l.l
Labels:
973
0 Kudos
2 REPLIES 2
petergray
New Contributor II

Created on ‎07-19-2023 02:35 PM Edited on ‎07-23-2023 09:22 AM

FortiManager's Audit Logs feature tracks user activity, including script execution. To check, log in, go to System Settings or Admin section, find Audit Logs, and search for the script execution date and user.

 

Analyze the logs to verify the user's identity and consider upgrading FortiManager for newer capabilities. Implement security measures to prevent unauthorized access and potential damage. If suspicious, investigate and involve IT security or Fortinet support.

948
0 Kudos
markwarner
Staff
Staff

Created on ‎07-20-2023 03:13 AM

When an admin runs a script there should be an event created in the event log with:
Description: Script install status
Operation: Install script
Also attributes Changes and Message will show more information but are less useful for filtering.

936
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.