Is it possible to delete an account from the FAC database that has been locked due to inactivity?
i.e. an account expires after one year from creation, however I need this removed if no user activity has been recorded for 30 days.
You can enter multiple fields in the search term as shown:
Dr. Carl Windsor
Field Chief Technology Officer
I try to search -> purging deleted, but the searching result is empty (0 log record).
The reason i search the two keywords because i need the purging user account information and deleted disabled information (as they are correlated) in a single view.
I notice that there is type id, is the id show related event (for example purging user then deleted user) only. Is there any other event will trigger the same id?
>I try to search -> purging deleted, but the searching result is empty (0 log record).
This is correct as the search is an implicit AND not OR i.e. your search will look for logs containing purging AND deleted. Additional logic to search using OR is not currently supported.
There are other events which will trigger this ID. Log Type 10003 is a general "Entry Deleted" log and can be triggered by deleting a user (manually) or a FortiToken for example.
If this is not adequate for your needs, please raise a feature request via your Fortinet Account Manager.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.