- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Possible To Get EXACT Configuration Change - Automation Stitch?
Hello all. I've enabled an Automation stitch to email me whenever any other admin signs into the FGT (6.2.1) and makes any changes. Those emails look like this:
FGT[FGxxxxxxxxxxxxxx] Automation Stitch:Config-Change is triggered.
date=2020-06-29 time=08:25:47 logid="0100032102" type="event" subtype="system" level="alert" vd="root" eventtime=1593437147787054028 tz="-0500" logdesc="Configuration changed" user="xxxxxxxxxxxx" ui="ssh(xxxxxx)" msg="Configuration is changed in the admin session"
Is it possible to have these emails include the EXACT config change made .e.g. user Andrew made a change: an interface IP address changed, or a policy was disabled?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Rather than use an Automation Stitch, try Under Log & Report / E-mail Alert Settings, enabling "Configuration change" - that will send an e-mail to the e-mail addresses at the top of that page including the details of the configuration change.
If you don't see "Email Alerts Settings" under Log & Report (this page is present on my 60E with FortiOS 6.0.x but is missing on my 60E with FortiOS 6.4.x) you can set this in the CLI ("set configuration-changes-logs enable").
https://docs.fortinet.com/document/fortigate/6.2.4/cli-reference/520620/alertemail-setting
Russ
NSE7
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Rather than use an Automation Stitch, try Under Log & Report / E-mail Alert Settings, enabling "Configuration change" - that will send an e-mail to the e-mail addresses at the top of that page including the details of the configuration change.
If you don't see "Email Alerts Settings" under Log & Report (this page is present on my 60E with FortiOS 6.0.x but is missing on my 60E with FortiOS 6.4.x) you can set this in the CLI ("set configuration-changes-logs enable").
https://docs.fortinet.com/document/fortigate/6.2.4/cli-reference/520620/alertemail-setting
Russ
NSE7
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you, Russ. I'll try that and observe further.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TecnetRuss wrote:Hi, Russ. I'm not sure if I should make another post or just ask here, so I'll just ask and you can correct me. So your suggestion was great and works as expected. Is there any way I can have the exact contents of the emails be sent to a syslog server? We currently have our syslog settings pointed to our FortiAnalyzer but I haven't seen the kind of in-depth info the email provides.Rather than use an Automation Stitch, try Under Log & Report / E-mail Alert Settings, enabling "Configuration change" - that will send an e-mail to the e-mail addresses at the top of that page including the details of the configuration change.
If you don't see "Email Alerts Settings" under Log & Report (this page is present on my 60E with FortiOS 6.0.x but is missing on my 60E with FortiOS 6.4.x) you can set this in the CLI ("set configuration-changes-logs enable").
https://docs.fortinet.com/document/fortigate/6.2.4/cli-reference/520620/alertemail-setting
Russ
NSE7
