Bruce7x2
Explorer
November 27, 2023
Solved

[FortiSIEM] Default logon report of Terminal/CLI


Dear Team,

Does FortiSIEM support a default logon report for the Supervisor/Collector Terminal/CLI?

I know that the FortiSIEM GUI (admin) supports a default report, "All FortiSIEM GUI Logon Attempts", but I can't find any report that shows logons to the Supervisor/Collector Terminal/CLI.

I would like to know whether this default report exists.

Or how can I create a report template to meet this need?


6 replies

Jean-Philippe_P
Staff & Editor
November 29, 2023

Hello Bruce,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Jean-Philippe - Fortinet Community Team

Jean-Philippe_P
Staff & Editor
November 30, 2023

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

Thanks,

Jean-Philippe - Fortinet Community Team

Bruce7x2 (Author)
Explorer
December 4, 2023

Dear Philippe,

Any update?

premchanderr
Staff & Editor
December 4, 2023

Hi Bruce,

There is no default logon report for CLI login/logoff; also, this information is not recorded in event types on the GUI.

You can only get this information in the CLI, and many Linux forums can assist with this.

Bruce7x2 (Author)
Explorer
December 4, 2023

Regarding your reply:

If I configure syslog on Rocky Linux (Supervisor/Collector), can I see the logon status on Dashboard > Server > Logon > Linux Logon Success/Failure...
Do you think that it would work properly?

FSM_FTNT (Answer)
Staff
December 4, 2023

Hi Bruce,

When you SSH to FortiSIEM, it will, by default, send that event into FortiSIEM, and it can be queried by analytics.

You should be able to search for:

Event Type = Generic_Unix_Successful_SSH_Login

You can also run the out-of-the-box report "Logon: Unix Server Logons" and can add the "Event Type = Generic_Unix_Successful_SSH_Login" to the filter if needed.

You can also search Resources / Reports / Devices / Unix and then search for Logon; you will see several out-of-the-box reports that can be customised.
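
For cross-checking the SSH logon events discussed in this thread from the CLI side, here is an added example (not part of the thread and not Fortinet code) that summarises successful and failed SSH logons from sshd syslog lines. It assumes the standard OpenSSH message format that RHEL-family systems such as Rocky Linux normally write to /var/log/secure; the hostnames, users and addresses in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the classic syslog format used by sshd;
# hosts, users, addresses and the key fingerprint are placeholders.
SAMPLE_LOG = """\
Nov 27 09:12:44 fsm-super sshd[2114]: Accepted password for admin from 192.0.2.10 port 51822 ssh2
Nov 27 09:13:02 fsm-super sshd[2130]: Failed password for root from 198.51.100.7 port 40112 ssh2
Nov 27 09:13:05 fsm-super sshd[2130]: Failed password for invalid user oracle from 198.51.100.7 port 40113 ssh2
Nov 27 09:20:31 fsm-collector sshd[877]: Accepted publickey for admin from 192.0.2.10 port 51990 ssh2: RSA SHA256:placeholder
Nov 27 09:21:00 fsm-super sshd[2114]: pam_unix(sshd:session): session closed for user admin
"""

# Matches only the "Accepted <method> for ..." / "Failed <method> for ..." lines.
LOGON_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def parse_logons(text):
    """Return one dict per sshd logon attempt; other sshd lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOGON_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["success"] = ev.pop("result") == "Accepted"
        ev["invalid"] = ev["invalid"] is not None  # account does not exist
        events.append(ev)
    return events

def summarize(events):
    """Count attempts per (host, user, source address, success)."""
    return Counter((e["host"], e["user"], e["src"], e["success"]) for e in events)

if __name__ == "__main__":
    # To use real data (assumed path): open("/var/log/secure").read()
    for (host, user, src, ok), n in sorted(summarize(parse_logons(SAMPLE_LOG)).items()):
        print(f"{host:14} {user:8} {src:15} {'SUCCESS' if ok else 'FAILURE'} x{n}")
```

The per-host counts of successful logons can then be compared against what the "Logon: Unix Server Logons" report shows for the same time window.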