Administration Guide

Creating an event filter profile

To create an event filter profile:
  1. Go to Secret Settings > Event Filter Profile.
  2. In Event Filter Profile, select Create.

    The New Event filter profile window opens.

  3. Enter the following information:

    Name

    Name of the event filter profile.

    Process Log

    Monitor/skip the process log (default = Monitor).

    Filesystem Log

    Monitor/skip the file system event log (default = Monitor).

    User Management Log

    Monitor/skip the user management event log (default = Monitor).

  4. Click Submit.

Example: event filter profile via the CLI

  1. In the CLI console, use the following commands to configure the event filter profile:
      config secret event-filter-profile
       edit "default_app_log"
        set process-log {enable | disable}  # Enable/disable pulling the process log
        set filesystem-log {enable | disable}  # Enable/disable pulling the file system event log
        set user-management {enable | disable}  # Enable/disable pulling the user management event log
       next
      end
    
  2. In the CLI console, use the following commands to enable or disable the event filter for the policy or the secret:
      config secret policy
       edit default
        set event-filter {not-set | disable | enable}
        set event-filter-profile "default_app_log"
       next
      end
      config secret database
       edit sec_1
        set event-filter {not-set | disable | enable}
        set event-filter-profile "default_app_log"
       next
      end
  3. The launched secret requires a target with a privileged account that has WinRM (Windows Remote Management) privileges.

    Enable or disable winrm-https on the secret target using the following CLI commands:

      config secret target
       edit "3-84-141-197"
        set class "Other"
        set template "Windows Domain Account"
        set address "ec2-3-84-141-197.compute-1.amazonaws.com"
        set creation-time 2023-10-12 11:28:57
        set winrm-https {enable | disable}  # Enable WinRM over HTTPS for this target
        set access customized
        config user-permission
         edit 1
          set user-name "admin"
          set permission owner
         next
        end
        set web-proxy-status disable
       next
      end
    

    For information on WinRM configuration for Windows server, see Appendix L: WinRM configuration for Windows server.
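Before enabling winrm-https on the secret target, it is worth confirming that the Windows host actually exposes a WinRM HTTPS listener and that it is reachable on TCP 5986. The following PowerShell script is an added example and is not part of the FortiPAM guide or product; it uses only built-in cmdlets, and `<target-fqdn>` is a placeholder for the address configured on the secret target.

```powershell
# Added example (not from the FortiPAM guide): verify that a Windows target
# has a working WinRM HTTPS listener before enabling winrm-https on the secret target.
# The local checks run on the Windows target itself; the remote check runs from
# any Windows host that can reach the target over the network.
# '<target-fqdn>' is a placeholder for the secret target's address.

param(
    [string]$TargetAddress = '<target-fqdn>'
)

# --- Local checks (run on the Windows target) ---

# Enumerate WinRM listeners; an HTTPS listener carries 'Transport=HTTPS' in its keys.
$listeners     = Get-ChildItem -Path WSMan:\localhost\Listener
$httpsListener = $listeners | Where-Object { $_.Keys -contains 'Transport=HTTPS' }

if ($null -eq $httpsListener) {
    Write-Warning 'No WinRM HTTPS listener is configured on this host (see Appendix L of the guide).'
} else {
    # Show the port, hostname and certificate thumbprint bound to each HTTPS listener.
    foreach ($l in $httpsListener) {
        Get-ChildItem -Path "WSMan:\localhost\Listener\$($l.Name)" |
            Where-Object { $_.Name -in 'Hostname', 'Port', 'CertificateThumbprint' } |
            Format-Table Name, Value -AutoSize
    }
}

# --- Remote check (run from another Windows host) ---

# Confirm TCP 5986 is reachable, then confirm the WS-Management service answers over TLS.
if (Test-NetConnection -ComputerName $TargetAddress -Port 5986 -InformationLevel Quiet) {
    Test-WSMan -ComputerName $TargetAddress -UseSSL -Port 5986
} else {
    Write-Warning "TCP 5986 on $TargetAddress is not reachable; check the host firewall and the listener."
}
```

If the remote `Test-WSMan` call fails with a certificate error while the port is reachable, the listener's certificate is not trusted by the connecting host; fix the certificate chain on the target rather than disabling certificate validation, since winrm-https on the FortiPAM side relies on that TLS session.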

Limitations

The RDP log retrieving feature currently only works on RDP sessions proxied by FortiPAM with video recording enabled.