log anonymizing

Holy · ‎02-23-2015

Hello everyone,

i am talking about this cli command: set user-anonymize [enable | disable]

• Replace user names with anonymous in log messages

so i can anonymize users, so far so good. But if i now i see a missbehavior of a "Anonymus" on my log or report. How can i find out which user it was? if i disable anonymization the old Logs still be "Anonymus"

anybody some experiance with that? is there some kind of workaround?

Anonymization is very Important for German customers when they do User Based authentication and loggin reporting, because of Compliance Rules. Actually you do need 2 People to deanonymize. (like by using 2 different password for deanonymization) is there a possibility to do it with a fortigate?

thank you

NSE 8

NSE 1 - 7

Baptiste · ‎02-24-2015

Hi As far as I understand, username is replaced by the word anonymous when logs are sent, so I don't think you can recover real username.

http://help.fortinet.com/fos50hlp/50/FortiOS%205.0%20Help/new-features-5.0.5.005.26.html

But I agree, it would be a nice improvement :

by default print anonymous or stars on logs , and add a magic button/check box on report to enable full username reporting.

2 FGT 100D + FTK200

3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E

log anonymizing

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website