MattHLC
New Contributor

Workstation Hostnames in Logs

Hello, can't seem to get any solution, should be fairly simple, need to get hostnames of source hosts in alert emails and/or FortiCloud. I tried the resolve-ip enable command and set the DNS server in the Global VDOM per Fortinet Support instructions but no luck. They said after many days of "research" that it wasn't possible to customize alert email fields either. Will FSSO get me this in any way? I think FortiClient will just get me the user names field but not hostnames. I saw on FortiCloud in a few log Column Settings fields that there was a Hostname option but it wasn't populated, and the FortiCloud team removed this during the December maintenance. FortiAnalyzer also has the field (Demo site) but I didn't see anything populated in it. I know FortiView and Forward Logs have them from the Device Detection feature but again logs and FortiCloud logs don't! I am holding out that FSSO will do this but haven't had a chance to set up a DC and dump the collector agents inline.

FortiKoala
Staff

FortiCloud reports should resolve IPs to host names for websites (external) by default. But local IPs will not be resolved to computer names though.

There is no option on FortiCloud to view the PC/Server/Device name. This is by design. In the default FortiCloud report you will get only IP addresses of devices and this is by design. You cannot change it even if you can see the hostname in logs.

Only customized reports have this option (to see usernames and host names in the reports) but you can customize the reports only if you buy a FortiCloud license.

You can try enabling device identification http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-managing-devices/Device%20monitoring....

If you have a FortiCloud license and still cannot see the hostnames, I would suggest creating a ticket on the Fortinet support page http://support.fortinet.com. They should use the hostname field in the logs, i.e. ...... hostname=MYSERVER profile=....

 
