markcoupe
New Contributor II

Forticlient Logging in FortiAnalyzer

I'm running some automated reporting against FortiClient logging in FortiAnalyzer and I have a few questions.

 

First, around the 'Username' field. Our organization uses aliases for the client's domain username, meaning Joe.Sixpack@company.com or JoeS@co.com are equally viable for logging in. FortiClient users are unverified and authenticate using SAML against Azure EntraID. For some users I see the username 'joe.sixpack' and for others I see 'JoeS@co.com'. The question is, how is that information being logged? What is being used in the System Event logs, for example? Ideally, I'd have the username, not the alias.

 

Secondly, there is other information being gleaned from the SAML authentication, i.e. employee number and email address, that I do not see in the logs. I attempted to add the field to my custom report because, when I hover over the 'source' variable $log, I see a field like euid, which appears invalid when I try to test the query.

 

Any insight would be very helpful.  Thanks in advance, -Mark 

Mark Coupe
Sr. Network Engineer
Boston Beer Co.
Anthony_E
Community Manager

Hello Mark,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hi Mark,

 

Did you already check this document? https://docs.fortinet.com/document/forticlient/7.4.1/ems-quickstart-guide/751889/communication-with-...

 

Regards,

Anthony-Fortinet Community Team.
markcoupe
New Contributor II

Thanks Anthony, getting logs, even Web Filter logs, isn't the issue. It's more what *is* logged and "filterable" in the log view versus what is logged in the underlying FortiAnalyzer database. When I'm writing a custom SQL query, there is an indication of more data being logged than can be filtered.

 

I'm not a SQL guy, and some of the SQL functions are Forti-specific and not well documented. So it's difficult to muddle my way through to try to find what I need to fill the request I've been given.

Mark Coupe
Sr. Network Engineer
Boston Beer Co.
Anthony_E
Community Manager

Hi Mark,

 

Oh ok. I will try then to look for an expert for this specific question.

Thank you.

 

Regards,

Anthony-Fortinet Community Team.