FortiGate
Anonymous
Article Id 253223
Description This article discusses the different functions of firewall-authentication-failure-logs and admin-login-logs in alert email settings.
Scope FortiGate OS 6.2 and above.
Solution

The following options are available under config alertemail setting. When enabled, each one causes the corresponding log messages to be included in alert emails.

 

# config alertemail setting
    set admin-login-logs [enable|disable]
    set firewall-authentication-failure-logs [enable|disable]
  end

 

admin-login-logs includes administrator login/logout logs in the alert email.

 

An example of the log generated by admin-login-logs is as follows:

 

date=2023-04-05 time=11:38:06 devname=BORDER-FGT devid=FGT60FTK19009408 eventtime=1680709086239594580 tz="-0400" logid="0100032003" type="event" subtype="system" level="information" vd="root" logdesc="Admin logout successful" sn="1680707853" user="admin" ui="https(169.254.1.1)" method="https" srcip=169.254.1.1 dstip=169.254.176.151 action="logout" status="success" duration=1233 state="Config-Changed" reason="timeout" msg="Administrator admin timed out on https(169.254.1.1)"

 

firewall-authentication-failure-logs includes the events where user authentication is enabled on a firewall policy and the authentication fails.

 

An example of the log generated by firewall-authentication-failure-logs is as follows:

 

date=2023-04-05 time=11:30:29 devname=BORDER-FGT devid=FGT60FTK19009408 eventtime=1680708629542320970 tz="-0400" logid="0102043009" type="event" subtype="user" level="notice" vd="root" logdesc="Authentication failed" srcip=192.168.10.14 dstip=172.31.0.1 policyid=37 interface="internal2" user="test" group="N/A" authproto="HTTP(192.168.10.14)" action="authentication" status="failure" reason="N/A" msg="User test failed in authentication" 
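Added example (not part of the original article and not Fortinet code): a short Python parser for the key=value log lines shown above, which sorts each line by the alert email option that would have produced it and summarizes what a reviewer usually looks for. The function names are hypothetical, and the classification rule (subtype, action and status values) is an assumption inferred from the two sample logs in this article.

```python
import re
from collections import Counter

# key=value pairs; a value is either double-quoted or a bare token
_FIELD = re.compile(r'(\w[\w-]*)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one FortiGate log line into a dict of field -> value."""
    return {k: (b if b else q) for k, q, b in _FIELD.findall(line)}

def classify(rec):
    """Name the alertemail option matching this record (assumed rule, see lead-in)."""
    if rec.get("type") != "event":
        return None
    if rec.get("subtype") == "system" and rec.get("action") in ("login", "logout"):
        return "admin-login-logs"
    if (rec.get("subtype") == "user" and rec.get("action") == "authentication"
            and rec.get("status") == "failure"):
        return "firewall-authentication-failure-logs"
    return None

def summarize(lines):
    """Count auth failures per (srcip, user); list admin sessions that changed config."""
    failures, config_changes = Counter(), []
    for line in lines:
        rec = parse_line(line)
        kind = classify(rec)
        if kind == "firewall-authentication-failure-logs":
            failures[(rec.get("srcip"), rec.get("user"))] += 1
        elif kind == "admin-login-logs" and rec.get("state") == "Config-Changed":
            config_changes.append((rec.get("user"), rec.get("srcip"), rec.get("reason")))
    return failures, config_changes

# The two sample log lines from this article, copied unchanged.
SAMPLE = '''date=2023-04-05 time=11:38:06 devname=BORDER-FGT devid=FGT60FTK19009408 eventtime=1680709086239594580 tz="-0400" logid="0100032003" type="event" subtype="system" level="information" vd="root" logdesc="Admin logout successful" sn="1680707853" user="admin" ui="https(169.254.1.1)" method="https" srcip=169.254.1.1 dstip=169.254.176.151 action="logout" status="success" duration=1233 state="Config-Changed" reason="timeout" msg="Administrator admin timed out on https(169.254.1.1)"
date=2023-04-05 time=11:30:29 devname=BORDER-FGT devid=FGT60FTK19009408 eventtime=1680708629542320970 tz="-0400" logid="0102043009" type="event" subtype="user" level="notice" vd="root" logdesc="Authentication failed" srcip=192.168.10.14 dstip=172.31.0.1 policyid=37 interface="internal2" user="test" group="N/A" authproto="HTTP(192.168.10.14)" action="authentication" status="failure" reason="N/A" msg="User test failed in authentication"'''

if __name__ == "__main__":
    failures, config_changes = summarize(SAMPLE.splitlines())
    print("auth failures by (srcip, user):", dict(failures))
    print("admin sessions that changed config:", config_changes)
```
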

 

Related KB articles:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Active-authentication-firewall-policy-fall...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-alert-email-settings/ta-p...
