Description
This article explains how to view the historic logs for users connected through SSL VPN.
Scope
FortiGate with SSL VPN.
Solution
The historic logs for users connected through SSL VPN can be viewed under a different location depending on the FortiGate version:
- Log & Report -> Event Log -> VPN in v5.2.x.
- Log & Report -> VPN Events in v5.4.x.
- Log & Report -> VPN Events in v6.0.x.
- Log & Report -> Events and select 'VPN Events' in 6.2.x and 7.0.x
- Log & Report -> System Events and select 'VPN Events' in 7.2.x.
It is necessary to use the Add Filter option to add 'Action: tunnel-Up' or 'Action: tunnel-down' depending on requirements as shown in the following screenshots.
Once the log has been selected for the required date, the user identifier will be shown as part of the detailed log display. In the following examples, user 'mb' is connected through SSL VPN.
It should be noted that the filter name 'User' is only available from FortiOS v5.4.1 and above. For previous versions select Filter 'Action'.
- FortiOS v5.2.x:
- FortiOS v5.4.x:
- FortiOs v6.0.x:
- FortiOs v6.2.x:
- FortiOS v7.0.x:
- FortiOS v7.2.x:
Note:
Make sure that the VPN activity event is enabled.
To log VPN events from the GUI:
- Go to Log & Report -> Log Settings.
- Verify that the VPN activity event option is selected.
- Select Apply.
