Hi,
In log view or FortiView I'd like to see netbios / host names next to the IP address - or as a column - for each entry. This would save me from doing individual reverse lookups in our internal DNS.
I've looked at the settings and added columns for "host name" but they are not populated. Am I missing a setting somewhere to achieve this?
-------------------------------------------------
Tom Whiteley Infrastructure Engineer
Solved! Go to Solution.
It is possible that your FortiGate is not configured to resolve the IPs to hostname when generating the logs. This is the most accurate approach.
To resolve Destination IP on the FortiGate
config log setting set resolve-ip enable end
But FortiAnalyzer can resolve the IPs for FortiView & Reports, just not Log View.
1) FortiView On FortiAnalyzer, for FortiView widgets, using DNS resolution to resolve IPs to hostname is configurable via the CLI: config system fortiview setting set resolve-ip {enable | disable} end 2) Reports "Resolve hostname" can be configured at both Report & Chart level
It is possible that your FortiGate is not configured to resolve the IPs to hostname when generating the logs. This is the most accurate approach.
To resolve Destination IP on the FortiGate
config log setting set resolve-ip enable end
But FortiAnalyzer can resolve the IPs for FortiView & Reports, just not Log View.
1) FortiView On FortiAnalyzer, for FortiView widgets, using DNS resolution to resolve IPs to hostname is configurable via the CLI: config system fortiview setting set resolve-ip {enable | disable} end 2) Reports "Resolve hostname" can be configured at both Report & Chart level
Thank you!
I'll look at implementing it on the FortiGates themselves eventually but I've enabled it in Analyzer as you described and that gives me enough information to get me started. It's a shame it's not available in Log View but I'll try to find another way to get that information.
Thanks again.
-------------------------------------------------
Tom Whiteley Infrastructure Engineer
Hello,
i've a FortiAnalyzer with platform FAZVM64.
when i generate an application risk and control report, there are missed vulnerabilities hostname target and that way I don't know where and who to patch to fix the vulnerabilities.Can you help me ? Thanks
I have my report setup to resolve the srcip and dstip to hostnames, but is there a way for me to have my source hostname and source ip and destination hostname and destination ip in the same report? When I enable resolve hostname on my report it changes my srcip and dstip to hosts.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.