Dear Team,
Does FortiSIEM support a default logon report for the Supervisor/Collector Terminal/CLI?
I know that the FortiSIEM GUI (admin) supports a default report, "All FortiSIEM GUI Logon Attempts", but I can't find any report that shows logons to the Supervisor/Collector Terminal/CLI.
I would like to know whether this default report exists.
Or how can I create a report template to meet this need?
Hello Bruce,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for an answer to your question.
We will come back to you ASAP.
Thanks,
Dear Philippe,
Any update?
Hi Bruce,
There is no default logon report for CLI login/logoff; also, this information is not recorded in event types on the GUI.
You can only get this information in the CLI, and many Linux forums can assist with this.
Regarding your reply:
If I configure the syslog configuration of Rocky Linux (Supervisor/Collector), can I see the logon status on Dashboard > Server > Logon > Linux Logon Success/Failure...?
Do you think that it works properly?
Hi Bruce,
When you SSH to FortiSIEM, it will, by default, send that event into FortiSIEM, and it can be queried by analytics.
You should be able to search for:
Event Type = Generic_Unix_Successful_SSH_Login
You can also run the out-of-the-box report "Logon: Unix Server Logons" and can add "Event Type = Generic_Unix_Successful_SSH_Login" to the filter if needed.
You can also search Resources / Reports / Devices / Unix and then search for Logon; you will see several out-of-the-box reports that can be customised.
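
For cross-checking SSH logons directly on the Supervisor or Collector host, as the replies above discuss, here is an added example (not part of the thread and not Fortinet code) that summarizes sshd logon successes and failures from syslog text. It assumes OpenSSH's standard "Accepted ... for" / "Failed ... for" message format as written to /var/log/secure on Rocky Linux; the host names, users and addresses in the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the format OpenSSH's sshd writes to /var/log/secure.
SAMPLE_LOG = """\
Mar  4 09:12:01 super01 sshd[2211]: Accepted password for admin from 10.0.0.5 port 50122 ssh2
Mar  4 09:13:40 super01 sshd[2290]: Failed password for root from 10.0.0.9 port 41022 ssh2
Mar  4 09:13:44 super01 sshd[2290]: Failed password for invalid user test from 10.0.0.9 port 41022 ssh2
Mar  4 09:20:17 coll01 sshd[1180]: Accepted publickey for admin from 10.0.0.5 port 50310 ssh2: RSA SHA256:EXAMPLE
Mar  4 09:21:00 coll01 sshd[1180]: pam_unix(sshd:session): session closed for user admin
"""

# Matches only sshd authentication results; "invalid user" marks an unknown account.
LOGON_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"(?P<result>Accepted|Failed)\s(?P<method>\S+)\sfor\s"
    r"(?P<invalid>invalid user\s)?(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)


def parse_logons(text):
    """Return one dict per sshd logon success/failure line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOGON_RE.match(line)
        if not m:
            continue
        events.append({
            "time": m["ts"], "host": m["host"], "user": m["user"],
            "src": m["src"], "method": m["method"],
            "success": m["result"] == "Accepted",
            "valid_user": m["invalid"] is None,
        })
    return events


def summarize(events):
    """Count (host, user, outcome) so repeated failures stand out."""
    return Counter(
        (e["host"], e["user"], "success" if e["success"] else "failure")
        for e in events
    )


if __name__ == "__main__":
    for (host, user, outcome), n in sorted(summarize(parse_logons(SAMPLE_LOG)).items()):
        print(f"{host:10} {user:10} {outcome:8} {n}")
```

To run it against a real host, pass the contents of the host's sshd log to `parse_logons` in place of `SAMPLE_LOG`.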