FortiDeceptor logging
FortiDeceptor logs are supported on FortiAnalyzer.
To view FortiDeceptor logs on FortiAnalyzer:
- On FortiDeceptor, go to Log > Log Servers, and click Create New to create a new remote log server.
- Configure the following details:
  - Enter a name for the remote log server. For example: To_Test_FAZ.
  - Select FortiAnalyzer as the server Type.
  - Keep the default settings for all other options.
- On FortiAnalyzer, go to Device Manager > Unauthorized. FortiDeceptor appears in the unregistered devices table.
- Authorize the FortiDeceptor device to an ADOM, for example the root ADOM, which is a Fabric ADOM.
All logs sent by FortiDeceptor are stored in the root ADOM and displayed in Log View.
Below are sample raw logs from FortiDeceptor:
date=2020-03-12 time=16:54:01 id=6861604606372216836 itime=2020-08-16 08:30:17 euid=1 epid=1 dsteuid=1 dstepid=1 devhost=FDC-VM0000000552 tz=PDT logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Logout status=Success msg=Administrator admin logged out website successfully from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:54:01 itime_t=1597591817 devname=FDC-VM0000000353
date=2020-03-12 time=16:49:16 id=6861604602077249536 itime=2020-08-16 08:30:16 euid=1 epid=1 dsteuid=1 dstepid=1 devhost=FDC-VM0000000552 tz=PDT logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Login status=Success msg=Administrator admin logged into website successfully from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:49:16 itime_t=1597591816 devname=FDC-VM0000000353
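
The raw format above carries unquoted spaces inside values (msg=, itime=, dtime=), so splitting on whitespace breaks it. The following is an added example, not Fortinet code: it parses lines of this shape and lists administrator logins whose source address falls outside an allowed management range. The names parse_line and logins_outside, the allowed ranges, and the third sample line are assumptions made for this example.

```python
import ipaddress
import re

# Sample lines: the first two are abridged from the raw logs on this page;
# the third is constructed for this example (documentation-range address).
SAMPLE = [
    "date=2020-03-12 time=16:49:16 itime=2020-08-16 08:30:16 logid=0106000001 "
    "type=event subtype=system level=information user=admin ui=GUI action=Login "
    "status=Success msg=Administrator admin logged into website successfully "
    "from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:49:16",
    "date=2020-03-12 time=16:54:01 itime=2020-08-16 08:30:17 logid=0106000001 "
    "type=event subtype=system level=information user=admin ui=GUI action=Logout "
    "status=Success msg=Administrator admin logged out website successfully "
    "from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:54:01",
    "date=2020-03-13 time=09:02:44 logid=0106000001 type=event subtype=system "
    "level=information user=admin ui=GUI action=Login status=Success "
    "msg=Administrator admin logged into website successfully "
    "from 198.51.100.7 devid=FDC-VM0000000353 dtime=2020-03-13 09:02:44",
]

# A key is a word followed by '=' at line start or after whitespace.
KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z_]\w*)=")
SRC = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_line(line):
    """Split one raw log line into a dict. A value runs until the next
    'key=' token, which keeps multi-word values such as msg= intact."""
    keys = list(KEY.finditer(line))
    fields = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(line)
        fields[m.group(1)] = line[m.end():end].strip()
    return fields

def logins_outside(lines, allowed_cidrs):
    """Return (date, time, user, source, status) for each Login event whose
    source address is not inside any of the allowed networks."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    hits = []
    for line in lines:
        f = parse_line(line)
        if f.get("subtype") != "system" or f.get("action") != "Login":
            continue
        m = SRC.search(f.get("msg", ""))
        if m is None:
            continue
        src = ipaddress.ip_address(m.group(1))
        if not any(src in n for n in nets):
            hits.append((f["date"], f["time"], f.get("user"), str(src), f.get("status")))
    return hits
```

The parser assumes message text never contains a word followed directly by `=`; a message that did would be split at that point.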