Administration Guide

Audit log

System > Audit Log displays FortiGate CNF system events, such as creating a new instance or deleting a policy.

The audit log is different from the FortiGate logs, which display information about traffic on a deployed FortiGate CNF instance.

Audit logs are saved for 365 days.

Use the search box to search and filter the audit log. See Searching and filtering the audit log.

You may export the audit log as a CSV file. See Exporting the audit log.

The FortiGate CNF audit log displays system event information in the following views:

Audit log table

The audit log table displays the following information:

  • Log Time: The date and time when the event occurred.

  • IP: The IP address of the logged-in user who initiated the event.

  • Message: Information about the event.

  • Subject Name: The system object being operated on. This can be a FortiGate CNF instance, a policy set, an endpoint, or another type of object.

  • Status Code: Indicates success or failure of the operation.

  • Source: The FortiGate CNF component where the event occurred. This can be one of the following:

    • UI: The event occurred in the FortiGate CNF console.

    • Apiserver: The event occurred in the FortiGate CNF backend. These events involve operations on the components in AWS or Azure.

Audit log detail

The audit log detail includes the following additional information:

  • Event ID: The unique ID of this event.

  • Log ID: The unique ID of this log entry.

  • Created At: The date and time when the log entry was created.

  • Display: Indicates that the log entry should be displayed.

  • Context: The specific FortiGate CNF component where the event occurred.

  • Action: The system action description.
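The following triage script for an exported audit log CSV is an added example, not part of the Fortinet documentation. It assumes the CSV header names match the table columns listed above, that Log Time uses the format shown in the constructed sample, and that Status Code is an HTTP-style number where 2xx means success; adjust these to match a real export.

```python
import csv, io, ipaddress
from collections import Counter
from datetime import datetime, timedelta

RETENTION = timedelta(days=365)   # retention period stated in this guide
TIME_FMT = "%Y-%m-%d %H:%M:%S"    # assumed timestamp format of the export

# Constructed sample export; header names mirror the table columns (assumption).
SAMPLE_CSV = """Log Time,IP,Message,Subject Name,Status Code,Source
2024-01-10 09:15:00,203.0.113.7,Create instance,cnf-prod,200,UI
2024-06-02 14:01:22,198.51.100.23,Delete policy,policy-set-a,403,UI
2024-06-02 14:01:40,198.51.100.23,Delete policy,policy-set-a,403,UI
2024-06-03 08:30:05,203.0.113.7,Deploy endpoint,endpoint-1,500,Apiserver
"""

def is_failure(row):
    # Assumption: Status Code is HTTP-style, 2xx = success, anything else = failure.
    code = row["Status Code"].strip()
    return not (code.isdigit() and 200 <= int(code) < 300)

def triage(csv_text, admin_networks, now, warn_window=timedelta(days=30)):
    """Summarise failed operations, events from unexpected IPs, and entries
    that will soon age out of the 365-day retention window."""
    nets = [ipaddress.ip_network(n) for n in admin_networks]
    failures, unexpected, expiring = Counter(), [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ip = ipaddress.ip_address(row["IP"].strip())
        when = datetime.strptime(row["Log Time"].strip(), TIME_FMT)
        if is_failure(row):
            failures[str(ip)] += 1
        # Administrative actions from outside the expected networks.
        if not any(ip in net for net in nets):
            unexpected.append((row["Log Time"], str(ip), row["Message"]))
        # Older than (retention - warn_window): archive before it is purged.
        if now - when >= RETENTION - warn_window:
            expiring.append(row["Log Time"])
    return {"failures_by_ip": dict(failures),
            "unexpected_ip": unexpected,
            "expiring": expiring}

if __name__ == "__main__":
    report = triage(SAMPLE_CSV, ["203.0.113.0/24"], datetime(2024, 12, 20))
    for key, value in report.items():
        print(key, value)
```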
