Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ravindra_CCIE

Export report for firewall policy created/modified/deleted in last 24 hours

Dear Team,

 

One of my customer requires report for firewall policy created/modifed/deleted in last 24 hours. He is using both FortiManager and Analyser. Can someone guide me on this ? This is bit urgent.

 

Regards,

Ravindra

Ravindra
1 REPLY 1
Debbie_FTNT
Staff
Staff

Hey Ravindra,

is this for policies created/modified/deleted on FortiGate, or FortiManager?
For FortiGate, it writes log messages when policies are edited. There is a predefined chart for config changes (at least in FortiAnalyzer 7.2) that you could put into the report; you might need to experiment a bit with how many results it shows.

For FortiManager changes, this is a bit more tricky; if the FortiManager logs to FortiAnalyzer, you should have logs of subtype 'objcfg' which are generated when objects are edited/deleted/created, and you could create a simple report to list those logs.

Both these options would cover config changes in general, not just policy changes, though; FortiGate does not generate separate logs for policy changes as opposed to object changes, so it would be tricky to only filter out the logs that deal with policy changes specifically.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Labels
Top Kudoed Authors