Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/22.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=CLI-system-configuration-audit

configuration-audit

The configuration-audit command lets you record the changes administrators make on the web admin console or CLI. It captures critical information, such as the configuration before and after the change, the timestamp, the administrator identity and IP address, and the console used.

The information is available in the configuration-audit.log file in the advanced shell. To download the log file, go to Diagnostics > Tools and select one of the following options:

  • Troubleshooting logs
  • Consolidated troubleshooting report

Configuration audit currently supports key objects, such as IP hosts, firewall rules, and network interfaces, including physical, virtual, wireless, and cellular WAN.

These logs let you track modifications, assess their impact, and ensure compliance with security standards.

Note

On HA devices, audit logs are generated only when the device is active.

You can use the following command with options to turn configuration audit logs on or off and check the status of logging.

Command

system configuration-audit

Syntax

system configuration-audit
[enable|disable|show]

Options

enable

Turn on configuration audit. This is the default setting.

disable

Turn off configuration audit.

show

Shows whether configuration audit is on or off.