In FortiNAC-F, accountability and forensic tracking of configuration changes are managed through theAdmin Auditingfunctionality. When an administrator performs an action that modifies the system state—such as creating a policy, changing a device ' s status, or adding a switch port to anEnforcement Group—the system generates an audit record. This record is essential for troubleshooting scenarios where unauthorized or accidental configuration changes have occurred, leading to unintended network behavior.

TheAdmin Auditingview (found underLogs > Admin Auditing) provides a comprehensive log of the " Who, What, and When " for every administrative session. Each entry includes the username of the administrator, the source IP address from which they accessed the FortiNAC-F console, a precise timestamp, and a detailed description of the modification. In the scenario described, where ports have been incorrectly added to enforcement groups, the Admin Auditing view allows a supervisor to filter by the specific " Port " or " Group " object to identify exactly which administrator executed the command.

In contrast, theEvent Managementview (B) is designed to monitor system and network events, such as RADIUS authentications, host connections, and SNMP trap arrivals. While it tracks system activity, it does not typically log the manual configuration changes performed by admins. ThePort Changesview (C) tracks the operational history of a port (such as VLAN assignment changes and host movements) but does not attribute the administrative assignment of the port to a group. Finally, theSecurity Eventsview (D) is dedicated to alerts triggered by security rules and external threat feeds.

" Admin Auditing displays a record of all modifications made to the FortiNAC-F system by an administrator. This view includes the administrator ' s name, the date and time of the change, and a description of the action taken. It is the primary resource for determining which administrative user performed a specific configuration change, such as modifying port group memberships or altering policy settings. " —FortiNAC-F Administration Guide: Logging and Auditing Section.