DescriptionThis article explains how to configure a FortiGate unit to hide usernames in traffic logs and UTM logs, the username will be displayed as 'anonymous'.
It is assumed that logging is enabled in firewall policy and UTM profiles, and that identity based policies are configured on the FortiGate unit.
SolutionTo configure this setting, CLI access is required. Connect to the FortiGate unit CLI and execute following commands:
# config log setting
# set user-anonymize enable
# end
Verification, a log entry should now appear as:
date=2014-11-26 time=14:45:16 logid=0317013312 type=utm subtype=webfilter eventtype=ftgd_allow level=notice vd="root" policyid=2 identidx=1 sessionid=31232959 user="anonymous" group="ldap_users" srcip=192.168.1.24 srcport=63355 srcintf="port2" dstip=66.171.121.44 dstport=80 dstintf="port1" service="http" hostname="www.fortinet.com" profiletype="Webfilter_Profile" profile="default" status="passthrough" reqtype="direct" url="/" sentbyte=304 rcvdbyte=60135 msg="URL belongs to an allowed category in policy" method=domain class=0 cat=140 catdesc="custom1"
It should be noted that after configuring this setting, log messages on an associated FortiAnalyzer will also display the username as 'anonymous' since the log message is generated on the FortiGate unit.