Description | This article describes how to create an automation stitch admin user login and logout. |
Scope | FortiGate v6.4 and above. |
Solution |
Fortigate creates a log when an Admin user login and logout the fortiGate.
Login event:
date=2023-05-22 time=13:17:26 eventtime=1684754246523091187 tz="+0200" logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="1684754246" user="admin" ui="https(10.32.22.111)" method="https" srcip=10.32.22.111 dstip=10.40.19.15 action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from https(10.32.22.111)"
Logout event:
date=2023-05-22 time=13:18:34 eventtime=1684754314759921964 tz="+0200" logid="0100032003" type="event" subtype="system" level="information" vd="root" logdesc="Admin logout successful" sn="1684754246" user="admin" ui="https(10.32.22.111)" method="https" srcip=10.32.22.111
For monitoring and documentation, it is possible to create a automation in the FortiGate to send the alert mail when an admin user login and logout of the FortiGate.
To create an automation stitch, check the following steps:
1) Configure the email server in FortiGate.
From GUI:
Go to System -> Setting -> Email Service.
It is possible to use the default setting with notification.fortinet.net as an email server or Use custom settings.
From CLI:
config system email-server
2) Configure automation:
Navigate to Security Fabric -> Automation -> Under Stitch tab Create New: - Name the Stitch.
From CLI: Automation Stitch.
config system automation-stitch
Automation trigger.
config system automation-trigger
Automation action.
config system automation-action
Result : When the user login and logout of the firewall, the alert mail with the log will be get.
noreply@notification.fortinet.net FGT[FGVM010000017397] Automation Stitch:Admin_login is triggered.
FGT[FGVM010000017397] Automation Stitch:Admin_logout is triggered. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.