Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Log & Event Manager (LEM) > Search for FortiGate VPN authentication event details

Search for FortiGate VPN authentication event details

Table of contents
Created by Abdul.Aziz, last modified by Abdul.Aziz on Jun 15, 2017

Views: 72 Votes: 0 Revisions: 6

Updated May 11, 2017

Overview

This article describes how to perform an nDepth search to find FortiGate VPN session events in LEM.

Environment

  • All LEM versions
  • FortiGate 500D

Steps

  1. Verify that the FortiGate 500D appliance is configured to log VPN session events. See VPN event logs for instructions. 
    Note: Check the FortiGate Log Message Reference to get the event logs you are looking for.
    (© 2017 Fortinet, Inc., available at help.fortinet.com/, obtained on May 10, 2017.)
  2. Perform the following nDepth search to get the login and logout message details for the VPN session:
    VPNConnection.ProviderSID = 23101 And VPNConnection.ProviderSID = 23102
  3. Perform the following nDepth search to get the user details:
    NetworkIncident.ToolAlias= *Fortigate* and NetworkIncident.ExtraneousInfo = *VPNGroupName*

 

Disclaimer: Please note, any content posted herein is provided as a suggestion or recommendation to you for your internal use. This is not part of the SolarWinds software or documentation that you purchased from SolarWinds, and the information set forth herein may come from third parties. Your organization should internally review and assess to what extent, if any, such custom scripts or recommendations will be incorporated into your environment.  You elect to use third-party content at your own risk, and you will be solely responsible for the incorporation of the same, if any.

Suggested tags: nDepth search FortiGate VPN session events LEM login logout  monitor

 

 

Reason for Rework or Feedback from Technical Content Review:   

 

Last modified
09:50, 15 Jun 2017

Tags

Classifications

Public