Pradhumna_FTNT
Article Id 193570

Description

 

This article describes how to create a user report in 4.0 in order to report on a specific user's web browsing habits. (This is similar to the forensic style report in 3.0).

 

Scope

 

FortiAnalyzer


Solution

 

  1. Go to Log -> Browse, then open the log file for the web filter of the desired FortiGate device.

  2. Select the User filter and find the LDAP string of the user name by looking for the user name.

  3. In the log display, highlight and copy the full LDAP user name string.

  4. Open the report schedule for User_Forensic_Report.

  5. In the USER field, paste the user name string copied earlier. Put double quotes around the user name string (for example: "CN=JMEIXNER,OU=IMC,OU=GH,O=GSD"). Change the schedule, time period, and output options as required.

  6. Finally, run the scheduled report.
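An added example, not part of the original article or of FortiAnalyzer: steps 2, 3 and 5 carried out in Python against an exported web filter log, finding the full LDAP string for a short user name and wrapping it in double quotes for the USER field. The key=value line layout, every field name other than the user string, and the function names are assumptions; the sample lines are constructed.

```python
import re

# Constructed sample lines in a key=value layout (an assumption; field names
# and values here are illustrative and not taken from the article).
SAMPLE_LOG = '''\
date=2010-03-01 time=09:14:02 type=webfilter user="CN=JMEIXNER,OU=IMC,OU=GH,O=GSD" url="example.com/a"
date=2010-03-01 time=09:14:09 type=webfilter user="CN=ASMITH,OU=IMC,OU=GH,O=GSD" url="example.org/"
date=2010-03-01 time=09:15:40 type=webfilter user="CN=JMEIXNER,OU=IMC,OU=GH,O=GSD" url="example.net/b"
date=2010-03-01 time=09:16:00 type=webfilter user=N/A url="example.com/c"
'''

# A value is either a double-quoted string (may contain commas) or a bare token.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_line(line):
    """Return the key=value pairs of one log line as a dict."""
    fields = {}
    for m in PAIR.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields

def find_user_dns(log_text, short_name):
    """Return the distinct full user strings whose CN equals short_name."""
    found = []
    for line in log_text.splitlines():
        user = parse_line(line).get("user", "")
        m = re.match(r'CN=([^,]+)', user, re.IGNORECASE)
        if m and m.group(1).lower() == short_name.lower() and user not in found:
            found.append(user)
    return found

def report_filter_value(dn):
    """Wrap the full LDAP string in double quotes for the USER field."""
    if '"' in dn:
        raise ValueError("user string already contains a double quote")
    return '"' + dn + '"'

if __name__ == "__main__":
    for dn in find_user_dns(SAMPLE_LOG, "jmeixner"):
        print(report_filter_value(dn))
```

More than one result for a short name means the same CN exists under different OUs, so each full string needs its own report filter.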

Related article:

Technical Tip: How to apply a User Filter to a report for forensic analysis