FortiAnalyzer - the problem with logs.
Our FA1000C has been upgraded to version 5.06. The device is collecting log files from FortiGates. When I go to the Log View, Traffic Log, I see the columns: Date/Time, Source/View, Destination IP, Service, Sent/Received, User and VPN for VPN IPsec traffic. There is a problem with the "User" column, because it is empty and does not display any information, in contrast to the others (full information).
How do I know which user (AD login) was logged in in the past, since I can only see the IP address (column Source/Device)?
The Event Log -> VPN contains information about the AD user (xauthUser) but does not display other information (source, destination IP, service).
These are empty records.
I tried to create a new dataset which contains logs from Traffic and Event, but it does not give the expected result. The situation is like the one described above.
Should I focus on creating an appropriate DATASET that joins two LOG files (Traffic and Event VPN)? Is it possible to create a new query with two different log files?
< Message edited by fuks87i -- 8/18/2014 4:15:07 AM >