Forensic Analysis
Users and groups
FortiAnalyzer Version 3.0 MR3 Administration Guide
05-30003-0082-20060925
Figure 36: Lookup user information
Lookup: Select the information to look for in the log data.
Username / IP Address: Depending on the Lookup selection, enter either the username or IP address to find the associated information.
Time frame: Select the time range in the logs that the FortiAnalyzer unit searches.
All xx logged on yy within the last zz: A visual indication of what you have selected and how the selections relate to each other. Below this statement, a list of available data appears. Select the check box beside each entry to add the data to the user information.
User: Select to add any of the results to an existing user in the forensic analysis user table.
Create User / Add to user: This button selection depends on whether you select a user from the list. Select Add to User when you select a user from the User list. The FortiAnalyzer unit adds the information selected from the results to the selected user information. Select Create User to use the information entered above and selected from the results to create a new forensic analysis user entry.

Where does FortiAnalyzer get this information?
The FortiAnalyzer unit obtains user information from the FortiGate logs. The following table outlines which logs the FortiAnalyzer unit refers to when retrieving user information.

User Name: Web filter log
IP Address: Web filter log
Email address: Email filter log. If not found, the FortiAnalyzer unit uses the content logs.
IM name: IM log. If not found, the FortiAnalyzer unit uses the content logs.
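
The source precedence in the table above can be reproduced when correlating identities from exported logs by hand. The following is an added example, not code from the guide or from Fortinet; the key=value record layout, the key names (`user`, `src`, `email`, `im_name`) and the `type` values are constructed for illustration and are not the actual FortiGate log schema.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records; key names and type values are illustrative assumptions.
SAMPLE_LOGS = """\
date=2006-09-25 time=09:10:00 type=webfilter user=jdoe src=192.168.1.10
date=2006-09-25 time=09:20:00 type=content user=jdoe src=192.168.1.10 email=jdoe@example.com
date=2006-09-25 time=09:30:00 type=im user=jdoe src=192.168.1.10 im_name=jd_chat
date=2006-09-25 time=09:40:00 type=webfilter user=asmith src=192.168.1.11
date=2006-09-25 time=09:45:00 type=emailfilter user=asmith src=192.168.1.11 email=asmith@example.com
date=2006-09-25 time=09:50:00 type=content user=asmith src=192.168.1.11 email=other@example.com im_name=as_chat
date=2006-09-20 time=08:00:00 type=webfilter user=olduser src=192.168.1.10
"""

# Precedence from the table above: primary log type first, then the fallback.
SOURCES = {
    "user": ["webfilter"],
    "src": ["webfilter"],
    "email": ["emailfilter", "content"],
    "im_name": ["im", "content"],
}

def parse(text):
    """Turn key=value lines into dicts with a parsed timestamp under 'ts'."""
    records = []
    for line in text.splitlines():
        rec = dict(re.findall(r"(\w+)=(\S+)", line))
        if {"date", "time", "type"} <= rec.keys():
            rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
            records.append(rec)
    return records

def lookup(records, by, value, now, within):
    """by is 'user' or 'src' (the Lookup selection); within is the time frame."""
    hits = [r for r in records if r.get(by) == value and now - within <= r["ts"] <= now]
    result = {}
    for field, log_types in SOURCES.items():
        result[field] = []
        for log_type in log_types:  # stop at the first log type that yields data
            found = {r[field] for r in hits if r["type"] == log_type and field in r}
            if found:
                result[field] = sorted(found)
                break
    return result

if __name__ == "__main__":
    now = datetime(2006, 9, 25, 12, 0, 0)
    print(lookup(parse(SAMPLE_LOGS), "src", "192.168.1.10", now, timedelta(days=1)))
```

Widening the time frame can attach more than one username to the same IP address, which is why each result is reviewed before it is added to a user entry.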