Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fullmoon
Contributor III

user log audit

Seeking your help based on the information needed. I have my AD server installed in Win 2019. Using Analytics what I can get is users windows log on/log off events only. I need to generate the ff information.

1. Lists of user/s changed their password

2. Lists of account nearing to expire 3. Lists of user/s access history (user(x) may use file sharing to access folder and files, telnet or ssh to other devices)

 

Hoping anyone could share their procedure.

 

Thank you

Fortigate Newbie

Fortigate Newbie
1 REPLY 1
xsilver_FTNT
Staff
Staff

Hi Fullmoon,

 

if you want that log from AD, then I'm afraid you might be on a wrong place. As this is forum on products of Fortinet, not Microsoft.

 

However, if those actions were made through FortiGate, for example password change propagated through user authentication from AD to for example SSL VPN Web portal logon on FortiGate. Then you can get more details from Log & Report on FortiGate's GUI (or via CLI 'exec log...'). Pay attention to "Events" sub-logs.

 

Anyway, more info about log types can be found here : https://docs.fortinet.com/document/fortigate/7.2.1/fortios-log-message-reference/524940/introduction 

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors