Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 1.7.2
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiPAM 1.7.2 Administration Guide
    1.7.2
    1.8.2
    1.8.1
    1.8.0
    1.7.2
    1.7.1
    1.7.0
    1.6.2
    1.6.1
    1.6.0
    1.5.1
    1.5.0
    1.4.3
    1.4.2
    1.4.1
    1.4.0
    1.3.1
    1.3.0
    1.2.0
    1.1.2
    1.1.1
    1.1.0
    1.0.3
    1.0.2
    1.0.1
    1.0.0

    Security event

    Security event

    Go to Security Event in Log & Report to see logs related to the following:

    The following options are are available in the Summary tab:

    Log Location

    Select a source from where to retrieve logs:

    • Disk (default) (FortiPAM)

    Time frame

    From the dropdown, select from the following time filters:

    • 5 minutes

    • 1 hour

    • 24 hours

    • 7 days

    The following options are available in the Logs tabs:

    Export

    From the Export dropdown, select to export the logs in the following three formats:

    • JSON: Export the selected secret session log to your computer as a JSON file named as secret-xyz-YYYY_MM_DD.json

    • CSV: Export the selected secret session log to your computer as a CSV file named as secret-xyz-YYYY_MM_DD.csv

    • TEXT: Export the selected secret session log to your computer as a text file named as secret-xyz-YYYY_MM_DD.txt

    Refresh

    To refresh the contents, click the refresh icon.

    +Add Filter

    From the dropdown, select a filter, select or add additional details about the filter to be used and hit Enter.

    Note: Logs can be filtered by date and time. The log viewer can be filtered with a custom range or with specific time frames.

    Time frame settings for each Log & Report page are independent. For example, changing the time frame on the System Events page does not automatically change the time frame on the User Events and HA Events pages.

    Antivirus

    From the dropdown, select a tab to display:

    • Antivirus

    • SSH

    • Data Loss Prevention
    Log location

    Select a source from where to retrieve logs:

    • Disk (default) (FortiPAM)
    Time frame

    From the dropdown, select from the following time filters:

    • 5 minutes

    • 1 hour

    • 24 hours

    • 7 days

    • View All

    Details

    Select to see details for the selected log entry.

    Antivirus

    Selecting Antivirus displays logs related to antivirus.

    The antivirus log records when, during the antivirus scanning process, the FortiPAM unit finds a match within the antivirus profile, which includes the presence of a virus or grayware signature.

    SSH

    Selecting SSH displays logs related to SSH.

    For each SSH log, the following columns are displayed:

    • Date/Time

    • Severity

    • Command

    • Secret ID

    • User

    • Message

    • Source IP

    • Source Port

    • Destination IP

    • Destination Port

    Selecting the Corresponding secret or the Corresponding secret video buttons when you right-click an SSH log takes you to the corresponding secret log or the secret video log, respectively.

    The SSH log keeps track of all the events related to the SSH filter profile. It contains information such as the severity of a command, the destination IP and port used to execute the command, and the action associated with the log. The action may be Blocked, indicating the command has been blocked from executing on the secret or Passthrough, representing it is allowed to execute on the secret.

    Data Loss Prevention

    Selecting Data Loss Prevention displays logs related to DLP.

    The data leak prevention (DLP) log provides valuable information about the sensitive data trying to get through to your network as well as any unwanted data trying to get into your network.

    Previous
    Next

    Security event

    Security event

    Go to Security Event in Log & Report to see logs related to the following:

    The following options are are available in the Summary tab:

    Log Location

    Select a source from where to retrieve logs:

    • Disk (default) (FortiPAM)

    Time frame

    From the dropdown, select from the following time filters:

    • 5 minutes

    • 1 hour

    • 24 hours

    • 7 days

    The following options are available in the Logs tabs:

    Export

    From the Export dropdown, select to export the logs in the following three formats:

    • JSON: Export the selected secret session log to your computer as a JSON file named as secret-xyz-YYYY_MM_DD.json

    • CSV: Export the selected secret session log to your computer as a CSV file named as secret-xyz-YYYY_MM_DD.csv

    • TEXT: Export the selected secret session log to your computer as a text file named as secret-xyz-YYYY_MM_DD.txt

    Refresh

    To refresh the contents, click the refresh icon.

    +Add Filter

    From the dropdown, select a filter, select or add additional details about the filter to be used and hit Enter.

    Note: Logs can be filtered by date and time. The log viewer can be filtered with a custom range or with specific time frames.

    Time frame settings for each Log & Report page are independent. For example, changing the time frame on the System Events page does not automatically change the time frame on the User Events and HA Events pages.

    Antivirus

    From the dropdown, select a tab to display:

    • Antivirus

    • SSH

    • Data Loss Prevention
    Log location

    Select a source from where to retrieve logs:

    • Disk (default) (FortiPAM)
    Time frame

    From the dropdown, select from the following time filters:

    • 5 minutes

    • 1 hour

    • 24 hours

    • 7 days

    • View All

    Details

    Select to see details for the selected log entry.

    Antivirus

    Selecting Antivirus displays logs related to antivirus.

    The antivirus log records when, during the antivirus scanning process, the FortiPAM unit finds a match within the antivirus profile, which includes the presence of a virus or grayware signature.

    SSH

    Selecting SSH displays logs related to SSH.

    For each SSH log, the following columns are displayed:

    • Date/Time

    • Severity

    • Command

    • Secret ID

    • User

    • Message

    • Source IP

    • Source Port

    • Destination IP

    • Destination Port

    Selecting the Corresponding secret or the Corresponding secret video buttons when you right-click an SSH log takes you to the corresponding secret log or the secret video log, respectively.

    The SSH log keeps track of all the events related to the SSH filter profile. It contains information such as the severity of a command, the destination IP and port used to execute the command, and the action associated with the log. The action may be Blocked, indicating the command has been blocked from executing on the secret or Passthrough, representing it is allowed to execute on the secret.

    Data Loss Prevention

    Selecting Data Loss Prevention displays logs related to DLP.

    The data leak prevention (DLP) log provides valuable information about the sensitive data trying to get through to your network as well as any unwanted data trying to get into your network.

    Previous
    Next