Fortinet black logo

Administration Guide

Audit Logs

Copy Link
Copy Doc ID 1ce38eeb-8119-11eb-9995-00505692583a:159530
Download PDF

Audit Logs

The Audit Logs log tracks all changes made to an item in the system. Users with admin auditing permissions will see a change in the admin auditing log whenever data is added, modified, or deleted. Users can see what was changed, when the change was made, and who made the change.

Changes made through the CLI are tracked in the admin auditing log; however, the user ID for the user who made the change will appear as CLI Tool.

Changes can be filtered by the name of the item that was changed, the action taken, the date when the change occurred, the user ID for the user who made the change, and the type of item that was changed.

Changes made to the following items are not currently audited:

  • Trap MIB files
  • NTP and time zone settings
  • Adapters
  • RADIUS domain mappings
  • RADIUS server defaults
  • Security applications
  • Alarms
  • Certificates
  • Portal SSL settings
  • Portal configuration styles
  • Mobile providers
  • Database backup settings (excluding the Backup Timeout)
  • Changes to the license key

Changing the name of a device or moving a device to a new container will result in a separate audit entry for each port on the device.

Auditing archives and purges audits made to hosts, users, or elements.

Audit Logs

The Audit Logs log tracks all changes made to an item in the system. Users with admin auditing permissions will see a change in the admin auditing log whenever data is added, modified, or deleted. Users can see what was changed, when the change was made, and who made the change.

Changes made through the CLI are tracked in the admin auditing log; however, the user ID for the user who made the change will appear as CLI Tool.

Changes can be filtered by the name of the item that was changed, the action taken, the date when the change occurred, the user ID for the user who made the change, and the type of item that was changed.

Changes made to the following items are not currently audited:

  • Trap MIB files
  • NTP and time zone settings
  • Adapters
  • RADIUS domain mappings
  • RADIUS server defaults
  • Security applications
  • Alarms
  • Certificates
  • Portal SSL settings
  • Portal configuration styles
  • Mobile providers
  • Database backup settings (excluding the Backup Timeout)
  • Changes to the license key

Changing the name of a device or moving a device to a new container will result in a separate audit entry for each port on the device.

Auditing archives and purges audits made to hosts, users, or elements.