TomWhi
New Contributor

Hostnames in FortiAnalyzer

Hi,

 

In log view or FortiView I'd like to see NetBIOS / host names next to the IP address - or as a column - for each entry. This would save me from doing individual reverse lookups in our internal DNS.

I've looked at the settings and added columns for "host name" but they are not populated. Am I missing a setting somewhere to achieve this?

-------------------------------------------------

Tom Whiteley Infrastructure Engineer

1 Solution
chall_FTNT
Staff

It is possible that your FortiGate is not configured to resolve the IPs to hostname when generating the logs.  This is the most accurate approach.

 

To resolve Destination IP on the FortiGate

config log setting
    set resolve-ip enable
end

But FortiAnalyzer can resolve the IPs for FortiView & Reports, just not Log View.

1) FortiView
On FortiAnalyzer, for FortiView widgets, using DNS resolution to resolve IPs to hostname is configurable via the CLI:

config system fortiview setting
    set resolve-ip {enable | disable}
end

2) Reports
"Resolve hostname" can be configured at both Report & Chart level

Chris Hall
Fortinet Technical Support


4 REPLIES 4
TomWhi

Thank you!

 

I'll look at implementing it on the FortiGates themselves eventually but I've enabled it in Analyzer as you described and that gives me enough information to get me started. It's a shame it's not available in Log View but I'll try to find another way to get that information. 

 

Thanks again. 

-------------------------------------------------

Tom Whiteley Infrastructure Engineer

ggallo

Hello,

I have a FortiAnalyzer with platform FAZVM64.

When I generate an application risk and control report, the target hostnames of the vulnerabilities are missing, and that way I don't know where and who to patch to fix the vulnerabilities. Can you help me? Thanks

Harte72

I have my report set up to resolve the srcip and dstip to hostnames, but is there a way for me to have my source hostname and source ip and destination hostname and destination ip in the same report? When I enable resolve hostname on my report it changes my srcip and dstip to hosts.
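For the Log View gap noted in the thread, and for keeping the IP and the hostname side by side, one option is to enrich exported log lines offline. The script below is an added example, not Fortinet code or anything posted by the participants: it assumes logs exported as key=value text containing srcip and dstip, and the `srcip_host` / `dstip_host` field names and the sample lines are made up for the illustration.

```python
import re
import socket
from functools import lru_cache

# Constructed sample lines in key=value form (not real traffic).
SAMPLE_LOGS = [
    'date=2024-01-15 time=10:02:11 type="traffic" srcip=10.0.0.15 dstip=10.0.0.53 action="accept"',
    'date=2024-01-15 time=10:02:12 type="traffic" srcip=10.0.0.99 dstip=10.0.0.15 action="deny"',
]

KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# A PTR answer is controlled by whoever owns the reverse zone, so only names
# made of these characters are ever copied into a log line.
SAFE_NAME = re.compile(r'[A-Za-z0-9._-]{1,253}')


def ptr_lookup(ip):
    """Reverse-resolve ip with the system resolver; None when no PTR exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None


def make_enricher(resolver=ptr_lookup, fields=("srcip", "dstip")):
    """Return enrich(line), which appends <field>_host="name" and keeps the IP."""
    cached = lru_cache(maxsize=4096)(resolver)  # one lookup per distinct IP

    def enrich(line):
        record = {k: v.strip('"') for k, v in KV.findall(line)}
        extra = []
        for field in fields:
            ip = record.get(field)
            if not ip:
                continue
            name = cached(ip)
            if not (name and SAFE_NAME.fullmatch(name)):
                name = "unresolved"
            extra.append(f'{field}_host="{name}"')
        return " ".join([line] + extra)

    return enrich


if __name__ == "__main__":
    enrich = make_enricher()
    for line in SAMPLE_LOGS:
        print(enrich(line))
```

Because the lookup happens at analysis time, an address handed out by DHCP may resolve to a different host than the one that generated the log, which is why the accepted answer calls resolving on the FortiGate at log time the most accurate approach.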
