Successful VPN login event not sent to external syslog server
FortiGate 1100E with FortiOS v6.4.14 build2093 (GA)
We have a SIEM to collect and correlate events from multiple sources. On Fortigate we have configured SIEM as an external syslog server and it work well BUT i've noticed that only failed ssl-vpn login were sent.
Any idea how to configure Fortigate to sent also successful ssl-vpn login to external syslog?
We had this same issue a few weeks ago, but they were trying to do it against our clientless vpn. Fortunately everything on our CVPN has it's own web front now so we didn't have a need for it anymore and we just shut it down. Our client requires an email address so you can't even attempt just a username. I had opened a ticket with support and was told they couldn't tell me how they were attempting the logins to generate the log but that the firewall was handling them as designed by not allowing them because they weren't in the allowed list.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.