Technical Tip: How to check Admin Login attempts to FortiGate using FortiAnalyzer for all FortiGates

akaratas · ‎10-23-2024

Description

This article describes how to check admin login attempts on FortiAnalyzer for all FortiGate using LogView, FortiView and Report.

Scope

FortiAnalyzer, FortiAnalyzer Cloud.

Solution

The first option is to use Log View to check successful or unsuccessful Admin login attempts to all FortiGates: Go to LogView -> FortiGate -> Event -> System, select All Devices as a filter like the below screenshot:

Define the time range like below screenshot as logs need to be checked:

The second option is to use FortiView to check successful or unsuccessful Admin login attempts to all FortiGates under FortiView -> System -> Admin Logins, select All Devices as a filter like the below screenshot:

Define the time range like below screenshot as logs need to be checked:

Add Filter Action = Login:

The third option is to create a Report to check successful or unsuccessful Admin login attempts to all FortiGates under Report -> All Reports and use the Security Analysis Report.

Define the time range like the one in the following screenshot as a report needs to be created.

Security Analysis Report outputs can be seen below.

Technical Tip: How to check Admin Login attempts to FortiGate using FortiAnalyzer for all FortiGates

Description

Scope

Solution

You are leaving our website