Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Pradhumna_FTNT
Staff
Staff

Created on ‎08-26-2009 11:20 AM

Article Id 193570

Technical Note: How to create a FortiAnalyzer user forensic analysis report

Description
This article explains how to create a user report in 4.0 in order to report on a specific user's web browsing habits. (This is similar to the forensic style report in 3.0).

This article is applicable only until v4.0 MR3 patch 8.  It does not apply to later versions of firmware.

Solution
1. Go to Log > Browse, then open the log file for the web filter of the desired FortiGate device.

sotoole_FD30897_LOG-Browse.JPG

2. Click on User filter and find the LDAP string of the user name by looking for user name as shown.

sotoole_FD30897_user-filter.JPG


3. In the log display, highlight and copy the full LDAP user name string.

sotoole_FD30897_username string.JPG


4. Open the report schedule for User_Forensic_Report

sotoole_FD30897_User_Forensic_Report.JPG


5. In the USER field, paste the user name string copied earlier. Put double quotes around the user name string: (That is: "CN=JMEIXNER,OU=IMC,OU=GH,O=GSD").

Change the schedule, time period, and output outions as required.

sotoole_FD30897_FortiGate PRI.JPG

6. Finally, Run the scheduled report.

4591
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.