Skip to main content
shin_amuro
shin_amuro
New Member
February 2, 2018
Solved

Login failed from 127.0.0.1

  • February 2, 2018
  • 2 replies
  • 61856 views

Hi,

 

I am getting the following log every around 15 minutes on my 50E.

 

Administrator admin login failed from http(127.0.0.1) because of invalid password

 

Any has any idea on what is this could be?

 

Thanks

    Best answer by Wayne11

    I bet you use FortiAnalyzer. Check the login credentials you have configured on both sides, on the FAZ and the FG.

    2 replies

    Wayne11
    Wayne11Answer
    Explorer
    February 3, 2018

    I bet you use FortiAnalyzer. Check the login credentials you have configured on both sides, on the FAZ and the FG.

      plz
      plz
      New Member
      September 17, 2018

      Wayne1 wrote:

      I bet you use FortiAnalyzer. Check the login credentials you have configured on both sides, on the FAZ and the FG.

       

      Wayne1, my login credentials FG201E is the same as FAZ200F. 

      i also got this event log and my customer wondering what is this "Administrator admin login failed from http(127.0.0.1) because of invalid password" anyone can explain to me.

      Hosemacht
      Hosemacht
      Explorer
      September 17, 2018

      Hey there,

       

      i think he means : go to you Analyzer-> Device Management -> Edit your Device and edit Admin User and Password.

       

      Regards

      obasyouni
      obasyouni
      New Member
      October 30, 2020
      https://kb.fortinet.com/kb/documentLink.do?externalID=FD47698 Description This article explains why under some circumstances, FortiGate can show successful (or failed) logins from 127.0.0.1 when logging to a FortiAnalyzer. Solution When FortiGates are configured to log to FortiAnalyzer, under some circumstances there can be logs regarding admin logins (or failed attempts) from 127.0.0.1. FortiAnalyzer not only shows information based on FortiGate logs, but can retrieve additional information from the FortiGate directly. This is done by FortiAnalyzer triggering a login from the miglogd daemon running on FortiGate and then querying the FortiGate API. Due to FortiAnalyzer communicating with the miglogd daemon in FortiGate and triggering the login from there, FortiGate can report an admin login from 127.0.0.1 (as the login comes from a local daemon). If FortiAnalyzer does not have correct credentials for FortiGate, then the login can fail and a log message regarding a failed login from 127.0.0.1 will be generated. Note: Login credentials to be used by FortiAnalyzer can be set from the GUI under Device Manager , select 'FortiGate' and then ‘Edit’.
      Terms & ConditionsAccessibility statement