Monday, July 31, 2017

cli audit logs fortiOS

In FortiOS v5.6, we have the ability to log CLI commands. This gives you a means of tracking the CLI commands issued.


To enable this feature, you need to set cli-audit enable under the global system settings.



Messages are set via the action (execute, edit, delete, etc.). This is great and provides a simple audit trail.

You can use a combination of execute log filter field values to track a user,

e.g.

execute log filter field user kfelix

 

So keep this feature in mind if you need to track users' command executions.


Note: Commands executed via the hidden fnsysctl or the diagnostic commands are not displayed in the audit logs.
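The same per-user filter can be applied offline to exported logs. The following is an added example, not from the original post: it parses key=value log lines and groups one user's commands by action. The sample lines and the field names (user, ui, action, msg) are constructed assumptions, not output captured from a FortiGate.

```python
import shlex
from collections import defaultdict

# Constructed sample lines in FortiOS key=value log style. Field names
# (user, ui, action, msg) and values are assumptions for illustration,
# not output captured from a real unit.
SAMPLE_LOG = '''\
date=2017-07-31 time=10:01:12 type="event" subtype="system" user="kfelix" ui="ssh(192.0.2.10)" action="edit" msg="config firewall policy edit 12"
date=2017-07-31 time=10:02:40 type="event" subtype="system" user="admin" ui="console" action="delete" msg="config firewall address delete test-host"
date=2017-07-31 time=10:03:05 type="event" subtype="system" user="kfelix" ui="ssh(192.0.2.10)" action="execute" msg="execute ping 198.51.100.1"
-- log rotation marker, no fields --
'''

def parse_line(line):
    """Split one key=value log line into a dict; quoted values may hold spaces."""
    fields = {}
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote, e.g. a truncated line
        return fields
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep and key:
            fields[key] = value
    return fields

def filter_by_field(log_text, field, value):
    """Offline counterpart of 'execute log filter field <field> <value>'."""
    return [rec for rec in map(parse_line, log_text.splitlines())
            if rec.get(field) == value]

def audit_trail(log_text, user):
    """Return {action: [(timestamp, ui, msg), ...]} for one user."""
    trail = defaultdict(list)
    for rec in filter_by_field(log_text, "user", user):
        stamp = f'{rec.get("date", "?")} {rec.get("time", "?")}'
        trail[rec.get("action", "unknown")].append(
            (stamp, rec.get("ui", "?"), rec.get("msg", "")))
    return dict(trail)

if __name__ == "__main__":
    for action, events in audit_trail(SAMPLE_LOG, "kfelix").items():
        for stamp, ui, msg in events:
            print(f"{stamp} {action:8} {ui:20} {msg}")
```

A trail built this way inherits the gap noted above: anything run through fnsysctl or the diagnostic commands never reaches the log, so it cannot appear here.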






Ken   Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 

        /  \






