Fortimanager/Fortigate - enable logging of VPN successful logins

Jond · ‎06-03-2024

Hi all,

I have a Fortimanager managed set of Fortigates.

For reasons unknown I don't see any logs of those successfully logging into the SSL VPN.

I've searched high and low but can't find anything in Fortimanager to deploy to change this behaviour?

Any pointers most appreciated!

Cheers

Jon

FortiManager

Debbie_FTNT · ‎06-03-2024

Hey Jon,

first thing to check would be if FortiGate even generates the logs; if you have FortiGates without disk, then they probably don't log this by default.

You can see a FortiGate's logging settings in FortiManager > Device Manager section; you might need to enable additional visibility under the Tools menu, though.

If you still can't find anything on logging (this may depend on firmware version of the Manager), then enable CLI options in the Tools > Visibility menu, and then navigate to 'log' on the tree under CLI to find the CLI equivalent of logging settings.

Check the following:
'config log memory setting' -> is this enabled?
'config log memory filter' -> is this 'severity' set to warning? If yes, change this to information so FortiGate logs all logs

-> please do note that this will have an impact on FortiGate memory usage

'config log eventfilter' -> is 'vpn' set to enabled?

Cheers,

Debbie

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

Jond · ‎06-20-2024

Hi Debbie,

We're using FAZ so those logs should have gone through to there?

It's just an easy thing, I thought, just to record who logs in successfully lol!

Cheers

Jon

Fortimanager/Fortigate - enable logging of VPN successful logins

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website