Version:

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

FortiDeceptor logging

FortiDeceptor logs are supported on FortiAnalyzer.

To view FortiDeceptor logs on FortiAnalyzer:
  1. On FortiDeceptor, go to Log > Log Servers, and click Create New to create a new remote log server.
  2. Configure the following details:
    • Enter a name for the remote log server. For example: To_Test_FAZ.
    • Select FortiAnalyzer as the server Type.
    • Keep the default settings for all other options.
  3. On FortiAnalyzer, go to Device Manager > Unauthorized.
    FortiDeceptor appears in the unregistered devices table.
  4. Authorize the FortiDeceptor device to an ADOM, for example the root which is a Fabric ADOM.
    All logs sent by FortiDeceptor are stored in the root ADOM and displayed in Log View.

Below are sample raw logs from FortiDeceptor:

date=2020-03-12 time=16:54:01 id=6861604606372216836 itime=2020-08-16 08:30:17 euid=1 epid=1 dsteuid=1 dstepid=1 devhost=FDC-VM0000000552 tz=PDT logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Logout status=Success msg=Administrator admin logged out website successfully from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:54:01 itime_t=1597591817 devname=FDC-VM0000000353

 

date=2020-03-12 time=16:49:16 id=6861604602077249536 itime=2020-08-16 08:30:16 euid=1 epid=1 dsteuid=1 dstepid=1 devhost=FDC-VM0000000552 tz=PDT logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Login status=Success msg=Administrator admin logged into website successfully from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:49:16 itime_t=1597591816 devname=FDC-VM0000000353

FortiDeceptor logging

FortiDeceptor logs are supported on FortiAnalyzer.

To view FortiDeceptor logs on FortiAnalyzer:
  1. On FortiDeceptor, go to Log > Log Servers, and click Create New to create a new remote log server.
  2. Configure the following details:
    • Enter a name for the remote log server. For example: To_Test_FAZ.
    • Select FortiAnalyzer as the server Type.
    • Keep the default settings for all other options.
  3. On FortiAnalyzer, go to Device Manager > Unauthorized.
    FortiDeceptor appears in the unregistered devices table.
  4. Authorize the FortiDeceptor device to an ADOM, for example the root which is a Fabric ADOM.
    All logs sent by FortiDeceptor are stored in the root ADOM and displayed in Log View.

Below are sample raw logs from FortiDeceptor:

date=2020-03-12 time=16:54:01 id=6861604606372216836 itime=2020-08-16 08:30:17 euid=1 epid=1 dsteuid=1 dstepid=1 devhost=FDC-VM0000000552 tz=PDT logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Logout status=Success msg=Administrator admin logged out website successfully from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:54:01 itime_t=1597591817 devname=FDC-VM0000000353

 

date=2020-03-12 time=16:49:16 id=6861604602077249536 itime=2020-08-16 08:30:16 euid=1 epid=1 dsteuid=1 dstepid=1 devhost=FDC-VM0000000552 tz=PDT logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Login status=Success msg=Administrator admin logged into website successfully from 172.18.32.10 devid=FDC-VM0000000353 dtime=2020-03-12 16:49:16 itime_t=1597591816 devname=FDC-VM0000000353