Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Logs for the execution of CLI commands

The cli-audit-log option records the execution of CLI commands in system event logs (log ID 44548). In addition to execute and config commands, show, get, and diagnose commands are recorded in the system event logs.

The cli-audit-log data can be recorded on memory or disk, and can be uploaded to FortiAnalyzer, FortiGate Cloud, or a syslog server.

To enable the CLI audit log option:
config system global 
    set cli-audit-log enable 
end
To view system event logs in the GUI:
  1. Run the command in the CLI (# show log fortianalyzer setting).
  2. Go to Log & Report > Events > System Events.
  3. In the log location dropdown, select Memory.
  4. Select the log entry and click Details.

To display the logs:
# execute log filter device disk
# execute log filter category event
# execute log filter field subtype system
# execute log filter field logid 0100044548
# execute log display
Sample log:
1: date=2020-11-16 time=10:43:00 eventtime=1605552179970875703 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.225.112)" action="Show" msg="show log fortianalyzer setting"
2: date=2020-11-16 time=10:42:43 eventtime=1605552163502003054 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.225.112)" action="Get" msg="get sys status"
3: date=2020-11-16 time=09:47:04 eventtime=1605548824762387718 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.228.202)" action="Diagnose" msg="diagnose log test"

Logs for the execution of CLI commands

The cli-audit-log option records the execution of CLI commands in system event logs (log ID 44548). In addition to execute and config commands, show, get, and diagnose commands are recorded in the system event logs.

The cli-audit-log data can be recorded on memory or disk, and can be uploaded to FortiAnalyzer, FortiGate Cloud, or a syslog server.

To enable the CLI audit log option:
config system global 
    set cli-audit-log enable 
end
To view system event logs in the GUI:
  1. Run the command in the CLI (# show log fortianalyzer setting).
  2. Go to Log & Report > Events > System Events.
  3. In the log location dropdown, select Memory.
  4. Select the log entry and click Details.

To display the logs:
# execute log filter device disk
# execute log filter category event
# execute log filter field subtype system
# execute log filter field logid 0100044548
# execute log display
Sample log:
1: date=2020-11-16 time=10:43:00 eventtime=1605552179970875703 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.225.112)" action="Show" msg="show log fortianalyzer setting"
2: date=2020-11-16 time=10:42:43 eventtime=1605552163502003054 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.225.112)" action="Get" msg="get sys status"
3: date=2020-11-16 time=09:47:04 eventtime=1605548824762387718 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.228.202)" action="Diagnose" msg="diagnose log test"