Technical Tip: Hostname/FQDN search in FortiAnalyzer logs

Description

This article explains how to search for and preview the hostname or FQDN in LogView.

Scope

FortiAnalyzer.

Solution

When reviewing the hostname/FQDN, the FortiGate or FortiAnalyzer should resolve them. To enable the proper settings, see the following article: Technical Tip: Configuring FortiGate and FortiAnalyzer to resolve IPs to hostname

After these steps: under the LogView -> FortiGate -> Traffic, the column 'Destination Name' (dstname) should be enabled under 'More Columns' to display the resolved PTR records.

Then, use the search bar and a filter for 'destination name'.

Related articles:

Technical Tip: API calls to search logs from analytics DB / LogView / in FortiAnalyzer

Technical Tip: Configuring FortiGate and FortiAnalyzer to resolve IPs to hostname

Technical Tip: Hostname and Destination name in traffic and UTM logs in FortiOS