Skip to main content
Carl_Wallmark
Carl_Wallmark
New Member
November 22, 2007
Question

Usernames instead of IP in reports

  • November 22, 2007
  • 3 replies
  • 4010 views
Hi ! We just bought a FortiAnalyzer 100B to test the reports, and my questian is: is it possible to get usernames in the reports instead of local IP adresses ?? Thanks !

    3 replies

    ounass
    ounass
    New Member
    November 22, 2007
    Hello I Have the same problem. I try with alias but it doesn' t work. I try with FSAE but it dosn' t work too.
    rwpatterson
    rwpatterson
    New Member
    December 13, 2007
    Anyone figure out if it' s possible to get AD names in reports? Just upped the firmware on the FAZ to MR5, and am still unable to accomplish this. Thanks
    rwpatterson
    rwpatterson
    New Member
    December 16, 2007
    This is gonna be long winded, but it' s a solution that is working, at least on the test scenario I have tried. [ul]
  • Install FSAE on the AD server (I used v021)
  • Set the DNS on the AD server to receive automatic updates from any IP domains that will be using this method
  • Set the workstations to ' Register this connection' s addresses in DNS' under the ' network card properties > TCP/IP > Advanced > DNS' . I did not select the next option to use the suffix as well. This WILL NOT WORK if the workstation ID is not populated in the AD DNS table!!
  • After pulling my hair out for some time, we discovered the only way for this to work is to set the DHCP service to automatic, even if you hard code the IP addresses like we do[/ul] Set up the AD server on the FGT like the documentation states, and add that authentication method to the policies you wish to have names appear in. I then ran a report and filtered on my name, and the report showed me my name as opposed to my IP address. Sweeeeeeet!
    • doshbass
    doshbass
    New Member
    December 16, 2007
    Hmm, I don' t know whatthe problem is here. If you authenticate the user to teh FG, either LDAP, Radius, Local or AD, then the FG sends the username in the logs. So given that the raw data is there, is the problem with the Analyzer not having a user report?
    rwpatterson
    rwpatterson
    New Member
    December 16, 2007
    Prior to using AD, we only used local authentication. People inside surfing the web did not need to authenticate to get out, so no names were available to be placed in the FAZ reports, hence the issue. Now all users will invisibly be authenticated (they won' t know), and then we will have the ability to see these names in our reports.
    doshbass
    doshbass
    New Member
    December 16, 2007
    Ah, So you were trying to get the FAZ to resolve username to IP via DNS. OF course that would mess you up if you were looking at last months report and asked it to resolve today. Jon
    Terms & ConditionsAccessibility statement