I'm running some automated reporting against FortiClient logging in FortiAnalzyer and I have a few questions.
First, around the 'Username' field. Our organization uses alias for the client's domain username, meaning Joe.Sixpack@company.com or JoeS@co.com are equally viable for logging in. FortiClient users are unverified and authenticate using SAML against Azure EntraID. For some users I see the username 'joe.sixpack' and others I see 'JoeS@co.com'. The question is, how is that information being logged? What is being used in the System Event logs for example. Ideally, I'd have the username not the alias.
Secondly, there is other information being gleaned from the SAML authentication i.e. employee number and email address that I do not see in the logs. When I attempted to add the field to my custom report because when I hover over the 'source' variable $log, I see a field like euid which appears invalid when I try to test the query.
Any insight would be very helpful. Thanks in advance, -Mark
Hello Mark,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for someone to help you.
We will come back to you ASAP.
Thanks,
Hi Mark,
Did you already check this Document?: https://docs.fortinet.com/document/forticlient/7.4.1/ems-quickstart-guide/751889/communication-with-...
Regards,
Thanks Anthony, getting logs, even Web Filter logs isn't the issue. It's more what *is* logged and "filterable" in the log view versus what is logged in the underlying FortiAnalyzer database. When I'm writing a custom sql query there is indication of more data being logged than can be filtered.
I'm not a sql guy and some of the sql functions are Forti-specific and not well documented. So it's difficult to muddle my way through to try to find what I need to fill the request I've been given.
Hi Mark,
Oh ok. I will try then to look for an expert for this specific question.
Thank you.
Regards,
User | Count |
---|---|
2522 | |
1347 | |
794 | |
639 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.