Technical Tip: How to configure a FortiGate unit to hide usernames in logs
| Description | This article describes how to configure a FortiGate unit to hide usernames in traffic logs and UTM logs; the username will be displayed as 'anonymous'. |
| Scope | FortiOS 6.x, FortiOS 7.x |
| Solution | It is assumed that logging is enabled in firewall policy and UTM profiles and that identity-based policies are configured on the FortiGate unit.
To configure this setting, CLI access is required. Connect to the FortiGate unit CLI and execute the following commands: config log setting set user-anonymize enable end  Verification: A log entry similar to the following should appear: date=2024-11-28 time=12:22:24 eventtime=1732767744496272323 tz="+0800" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.212.134.200 srcport=52888 srcintf="ssl.root" srcintfrole="undefined" dstip=172.217.174.174 dstport=443 dstintf="port1" dstintfrole="undefined" srccountry="Reserved" dstcountry="United States" sessionid=18788799 proto=17 action="accept" policyid=9 policytype="policy" poluuid="d6221aea-18d0-51ef-882d-3bd88b3f8b7b" policyname="SSLVPN-INTERNET" user="anonymous" group="SSLVPN" service="UDP443" trandisp="snat" transip=10.47.1.54 transport=52888 duration=180 sentbyte=3834 rcvdbyte=1228 sentpkt=3 rcvdpkt=1 appcat="unscanned"  The value 'test' has been changed to 'anonymous'. It should be noted that after configuring this setting, log messages on an associated FortiAnalyzer will also display the username as 'anonymous' since the log message is generated on the FortiGate unit. |