- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
- Fortinet Community
- Knowledge Base
- FortiAnalyzer
- Technical Note : FortiAnalyzer reports show the sa...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Not applicable
Created on 10-12-2009 12:04 PM
Article Id
194808
Description
The behavior is different depending on the method used and this will cause the FortiAnalyzer to have two different log entries for the same user (one with upper case names and one, for the same user, but written in lower case).
Reports will show the same user as represented by two different ones. This is because the FortiAnalyzer filter is case sensitive and it will treat names differently if FortiGate is reporting as lower case.
Solution
When a FortiGate is set to require authentication, it may use two methods to authenticate: LDAP and FSAE.
The behavior is different depending on the method used and this will cause the FortiAnalyzer to have two different log entries for the same user (one with upper case names and one, for the same user, but written in lower case).
Reports will show the same user as represented by two different ones. This is because the FortiAnalyzer filter is case sensitive and it will treat names differently if FortiGate is reporting as lower case.
Solution
This is resolved on the FortiGate in 4.0 MR1 with the addition of a new command on the CLI to allow ALL users logged to be in upper case. This is useful when the same servers are shared for LDAP and FSAE.
This allows FortiAnalyzer to ensure that the same user whether it's LDAP or FSAE is represented as a single one in reports.
This allows FortiAnalyzer to ensure that the same user whether it's LDAP or FSAE is represented as a single one in reports.
Example: Instead of "Joe" and "JOE", only "JOE" will be logged.
FortiGate FortiOS 4.1 CLI:
# config sys global
# set log-user-in-upper [enable|disable] (disable by default)
# end
Labels:
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.