Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiManager 8.0.0 Administration Guide
    8.0.0
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Using custom session labels to identify sessions in the Event Log

    Using custom session labels to identify sessions in the Event Log

    In some forensic or troubleshooting scenarios, it is necessary to retrace the full sequence of actions performed by FortiManager administrators during a login session. FortiManager supports the optional ability to set custom session labels to make session identification easier.

    When a custom session label is set, all actions performed by the administrator during that session will be tagged with the session label in the Event Log.

    The custom session label feature can be enabled using the FortiManager CLI. By default, this feature is disabled.

    When enabled, you can set the session label mode as one of the following options:

    • Changeable: The custom session label can be changed during an active session (default).

    • Unique per-session: After a custom session label has been set, it cannot be changed until the session is terminated.

    When custom session labels are enabled, it is mandatory for an administrator to set a custom session label.

    Unique session labels are not enforced, which means it is possible to have multiple sessions with the same session label.

    To use custom session labels:

    1. Enable custom session labels in the FortiManager CLI:

      config system admin setting
	set custom-session-label {enable | disable}
	set custom-session-label-mode {changeable | unique-per-session}
end

    2. Log in to the FortiManager GUI.

      Administrators will see a Set Custom Session Label dialog after successfully logging in to FortiManager.

    3. Enter your login credentials and enter a custom session label, then click Login. Custom session labels can be up to 36 characters in length.
      When there are multiple logins from the same administrator, different custom session labels can be used to distinguish the sessions.

    4. View a list of active sessions by going to Dashboard and clicking on the Current Session List icon in the System Information widget.
      The custom session labels for active users are displayed.

    5. Go to System Settings > Event Logs and review the Custom Session Label column to see the session label associated with each event.

    Change an active custom session label

    When changeable mode is enabled, administrators can change their custom session label during an active session using one of the following methods.

    To change an active session's label:

    1. In the System Information widget's Current Session List menu, select the administrator and click Edit Custom Session Label.

    2. In the toolbar's administrator dropdown menu, click Custom Session Label.

      After changing the session label, you can see the updated session label in the Current Session List.

    Previous
    Next

    Related Videos

    sidebar video

    Custom Session Labels for FortiManager Event Logs

    • 141 views
    • 1 months ago

    Using custom session labels to identify sessions in the Event Log

    Using custom session labels to identify sessions in the Event Log

    In some forensic or troubleshooting scenarios, it is necessary to retrace the full sequence of actions performed by FortiManager administrators during a login session. FortiManager supports the optional ability to set custom session labels to make session identification easier.

    When a custom session label is set, all actions performed by the administrator during that session will be tagged with the session label in the Event Log.

    The custom session label feature can be enabled using the FortiManager CLI. By default, this feature is disabled.

    When enabled, you can set the session label mode as one of the following options:

    • Changeable: The custom session label can be changed during an active session (default).

    • Unique per-session: After a custom session label has been set, it cannot be changed until the session is terminated.

    When custom session labels are enabled, it is mandatory for an administrator to set a custom session label.

    Unique session labels are not enforced, which means it is possible to have multiple sessions with the same session label.

    To use custom session labels:

    1. Enable custom session labels in the FortiManager CLI:

      config system admin setting
	set custom-session-label {enable | disable}
	set custom-session-label-mode {changeable | unique-per-session}
end

    2. Log in to the FortiManager GUI.

      Administrators will see a Set Custom Session Label dialog after successfully logging in to FortiManager.

    3. Enter your login credentials and enter a custom session label, then click Login. Custom session labels can be up to 36 characters in length.
      When there are multiple logins from the same administrator, different custom session labels can be used to distinguish the sessions.

    4. View a list of active sessions by going to Dashboard and clicking on the Current Session List icon in the System Information widget.
      The custom session labels for active users are displayed.

    5. Go to System Settings > Event Logs and review the Custom Session Label column to see the session label associated with each event.

    Change an active custom session label

    When changeable mode is enabled, administrators can change their custom session label during an active session using one of the following methods.

    To change an active session's label:

    1. In the System Information widget's Current Session List menu, select the administrator and click Edit Custom Session Label.

    2. In the toolbar's administrator dropdown menu, click Custom Session Label.

      After changing the session label, you can see the updated session label in the Current Session List.

    Previous
    Next