Logs for the execution of CLI commands
The cli-audit-log
option records the execution of CLI commands in system event logs (log ID 44548). In addition to execute
and config
commands, show
, get
, and diagnose
commands are recorded in the system event logs.
The cli-audit-log
data can be recorded on memory or disk, and can be uploaded to FortiAnalyzer, FortiGate Cloud, or a syslog server.
To enable the CLI audit log option:
config system global set cli-audit-log enable end
To view system event logs in the GUI:
- Run the command in the CLI (
# show log fortianalyzer setting
). - Go to Log & Report > Events > System Events.
- In the log location dropdown, select Memory.
- Select the log entry and click Details.
To display the logs:
# execute log filter device disk
# execute log filter category event
# execute log filter field subtype system
# execute log filter field logid 0100044548
# execute log display
Sample log:
1: date=2020-11-16 time=10:43:00 eventtime=1605552179970875703 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.225.112)" action="Show" msg="show log fortianalyzer setting"
2: date=2020-11-16 time=10:42:43 eventtime=1605552163502003054 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.225.112)" action="Get" msg="get sys status"
3: date=2020-11-16 time=09:47:04 eventtime=1605548824762387718 tz="-0800" logid="0100044548" type="event" subtype="system" level="information" vd="root" logdesc="Action performed" user="admin" ui="jsconsole(2.0.228.202)" action="Diagnose" msg="diagnose log test"