We have enabled configuration changes alert in out fortigate under Security Fabric->Automation->Configuration Change.
Eg. the timestamp and email was sent out at 14 Sept 8.18am when no users login to the firewall to make changes.
Solved! Go to Solution.
Hi yeowkm99,
The config change condition is triggered when the System event log ID 32102 (LOG_ID_CHG_CONFIG) is logged. One peculiarity about this event is that it is logged only when the admin user finally logs out (i.e. it is not recorded live as changes happen). So the most likely explanation would be that someone made some changes, forgot to log out, and when their session expired and they were automatically logged out, the config change event got finally recorded.
Hi yeowkm99,
The config change condition is triggered when the System event log ID 32102 (LOG_ID_CHG_CONFIG) is logged. One peculiarity about this event is that it is logged only when the admin user finally logs out (i.e. it is not recorded live as changes happen). So the most likely explanation would be that someone made some changes, forgot to log out, and when their session expired and they were automatically logged out, the config change event got finally recorded.
User | Count |
---|---|
2259 | |
1225 | |
772 | |
451 | |
367 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.