Description | This article provides useful XML Filters to track FSSO user logon events in Windows Event Viewer. |
Scope | Fortinet Single Sign-On (FSSO). |
Solution |
In the FSSO DC-Agent or Polling setup, sometimes users encounter missing logon events for specific users on the FSSO Collector Agent. Go to Event Viewer -> Windows Logs -> Security -> Filter Current Log -> XML:
<QueryList> <Query Id="0" Path=file_path> <Select Path= file_path>*[EventData[Data[@Name="TargetUserName"]=" USER123"]]</Select> </Query> </QueryList>
<QueryList> <Query Id="0" Path=file_path> <Select Path=file_path>*[EventData[Data[@Name="IpAddress"]="x.x.x.x"]]</Select> </Query> </QueryList>
<QueryList> <Query Id="0" Path=file_path> <SelectPath=file_path>*[EventData[Data[@Name="WorkstationName"]="WORKSTATION"]]</Select> </Query> </QueryList>
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.