FortiDeceptor logging

FortiDeceptor logs are supported on FortiAnalyzer.

To view FortiDeceptor logs on FortiAnalyzer:
  1. On FortiDeceptor, go to Log > Log Servers, and click Create New to create a new remote log server.
  2. Configure the following details:
    • Enter a name for the remote log server. For example: To_Test_FAZ.
    • Select FortiAnalyzer as the server Type.
    • Keep the default settings for all other options.
  3. On FortiAnalyzer, go to Device Manager > Unauthorized.
    FortiDeceptor appears in the unregistered devices table.
  4. Authorize the FortiDeceptor device to an ADOM, for example the root ADOM, which is a Fabric ADOM.
    All logs sent by FortiDeceptor are stored in the root ADOM and displayed in Log View.

Below are sample raw logs from FortiDeceptor:

date=2020-03-12 time=16:54:01 id=6861604606372216836 itime=2020-08-16 08:30:17 euid=1 epid=1 dsteuid=1 dstepid=1 devhost=FDC-VM0000000552 tz=PDT logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Logout status=Success msg=Administrator admin logged out website successfully from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:54:01 itime_t=1597591817 devname=FDC-VM0000000353

date=2020-03-12 time=16:49:16 id=6861604602077249536 itime=2020-08-16 08:30:16 euid=1 epid=1 dsteuid=1 dstepid=1 devhost=FDC-VM0000000552 tz=PDT logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Login status=Success msg=Administrator admin logged into website successfully from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:49:16 itime_t=1597591816 devname=FDC-VM0000000353
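
The raw lines above are space-separated key=value pairs, but msg, itime and dtime carry unquoted spaces, so splitting on whitespace corrupts them. The following parser is an added example, not Fortinet code: it ends each value at the next key= token and pulls the administrator login/logout events with their source IP. It assumes key names are lowercase letters and underscores and that msg contains no word= token, which is inferred from the two sample lines only; the function names are hypothetical.

```python
import re
from datetime import datetime

# The two raw log lines shown on this page, embedded so the example runs offline.
SAMPLE = [
    "date=2020-03-12 time=16:54:01 id=6861604606372216836 itime=2020-08-16 08:30:17 euid=1 epid=1 dsteuid=1 dstepid=1 devhost=FDC-VM0000000552 tz=PDT logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Logout status=Success msg=Administrator admin logged out website successfully from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:54:01 itime_t=1597591817 devname=FDC-VM0000000353",
    "date=2020-03-12 time=16:49:16 id=6861604602077249536 itime=2020-08-16 08:30:16 euid=1 epid=1 dsteuid=1 dstepid=1 devhost=FDC-VM0000000552 tz=PDT logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Login status=Success msg=Administrator admin logged into website successfully from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:49:16 itime_t=1597591816 devname=FDC-VM0000000353",
]

# Assumption: a key is a run of lowercase letters/underscores followed by '=',
# found at the start of the line or right after whitespace.
KEY = re.compile(r"(?:^|\s)([a-z_]+)=")
# Assumption: login/logout messages end with "from <IPv4 address>".
SRC_IP = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})$")


def parse_line(line):
    """Return the fields of one raw log line as a dict of strings.

    Each value runs up to the next key= token, which keeps multi-word
    values (msg, itime, dtime) intact. Values stay strings so that
    identifiers such as logid keep their leading zeros.
    """
    hits = list(KEY.finditer(line))
    fields = {}
    for cur, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(line)
        fields[cur.group(1)] = line[cur.end():end].strip()
    return fields


def admin_sessions(lines):
    """Return (time, user, action, status, source IP) tuples, oldest first."""
    events = []
    for f in map(parse_line, lines):
        if f.get("type") != "event" or f.get("action") not in ("Login", "Logout"):
            continue
        when = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
        src = SRC_IP.search(f.get("msg", ""))
        events.append((when, f["user"], f["action"], f["status"],
                       src.group(1) if src else None))
    return sorted(events)


if __name__ == "__main__":
    for event in admin_sessions(SAMPLE):
        print(*event)
```
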
