Admin Logins

Only FortiGate models 100D and above support the 24-hour historical data.

The Admin Logins console provides information on administrator interactions with the network, including the number of login instances, number of failed logins, and the length of time logged in. This console features the same view options as the other consoles, as well as Timeline View.

This console can be filtered by Result and User Name. For more on filters, see Filtering options.

 

Scenario: Scrutinizing Administrator Security

Admin Logins can be used in conjunction with System Events to see which administrators were logged in during a system change that impacted performance and allowed a threat to persist or pass through the firewall:

1. Go to FortiView > System Events to see what network events have taken place, how many there were, and how severe a threat each poses to the network.

2. You see that a particular event has warranted a severe rating and has allowed traffic to bypass the firewall. Double-click the event to drill down.

3. Once drilled down, you can see the date and time that the system change took place.

4. Go to FortiView > Admin Logins to see who has been logged in, how long they have been logged in, and what configuration changes they have made. Using the time graph, you can correlate the information from System Events with who was logged in at the time the threat was allowed.
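The correlation in steps 3 and 4 can also be reproduced offline against exported logs. The following is an added example, not part of the handbook or Fortinet's code: the log lines are constructed, and their key=value field names (`date`, `time`, `user`, `action`, `status`) are assumptions rather than real FortiOS output.

```python
import re
from datetime import datetime

# Constructed sample lines in a simplified key=value layout. The field names
# (date, time, user, action, status) are assumptions, not FortiOS output.
SAMPLE_LOG = """\
date=2016-03-01 time=08:55:10 user="alice" action=login status=success
date=2016-03-01 time=09:10:42 user="mallory" action=login status=failed
date=2016-03-01 time=09:12:03 user="bob" action=login status=success
date=2016-03-01 time=09:40:00 user="alice" action=logout status=success
date=2016-03-01 time=10:05:30 user="carol" action=login status=success
date=2016-03-01 time=10:30:00 user="bob" action=logout status=success
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def sessions(log_text):
    """Return ([(user, start, end)], {user: failed_count}); end is None if still open."""
    open_since, closed, failed = {}, [], {}
    for line in log_text.splitlines():
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if not {"date", "time", "user", "action"} <= rec.keys():
            continue  # skip lines that are not admin login records
        ts = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        user, action = rec["user"], rec["action"]
        if action == "login" and rec.get("status") != "success":
            failed[user] = failed.get(user, 0) + 1
        elif action == "login":
            open_since.setdefault(user, ts)  # keep the earliest open login
        elif action == "logout" and user in open_since:
            closed.append((user, open_since.pop(user), ts))
    closed.extend((u, start, None) for u, start in open_since.items())
    return closed, failed


def logged_in_at(log_text, when):
    """Administrators whose session covers `when` (the system-change time)."""
    found, _ = sessions(log_text)
    return sorted({u for u, s, e in found if s <= when and (e is None or when <= e)})


if __name__ == "__main__":
    change_time = datetime(2016, 3, 1, 9, 30)  # constructed event timestamp
    print("logged in at change:", logged_in_at(SAMPLE_LOG, change_time))
    print("failed logins:", sessions(SAMPLE_LOG)[1])
```

A session with no recorded logout is treated as still open, so it matches every later timestamp; check such sessions against idle-timeout settings before drawing conclusions.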


This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
