Finding the User info that edited SSLVPN ...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 227061

Description

This article describes how to find the username who edited the SSLVPN bookmark in web mode using the event logs.

Scope

FortiGate.

Solution

Lets add the SSLVPN bookmark from the user's web portal. From the image, one can see that Fortinet is the SSLVPN user.

For example:

New bookmark that was added looks something like this.

Go to log and report - > Events - > System events.

When logs are checked to verify username, the 'User' field is empty.

But the actual username can be found under the 'Event' field by keyword 'Config Object'.

For ref:

Similar information can be seen from Raw log or downloaded log.

For example:

date=2022-10-18 time=11:11:11 eventtime=1666116671698083054 tz="-0700" logid="0100044547" type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" ui="sslvpnd" action="Edit" cfgtid=9306310 cfgpath="vpn.ssl.web.user-bookmark" cfgobj="fortinet#" cfgattr="bookmarks:test5[url[10.1.1.1]]" msg="Edit vpn.ssl.web.user-bookmark fortinet#"

59 KB

26 KB

25 KB

922

Contributors

ssenthil
Anonymous

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Troubleshooting Tip: Finding the User info that edited SSLVPN bookmark in web mode

You are leaving our website