Create a log "view" for each user

Author
richinnz
2019/02/08 14:59:04 (permalink)

Hi,
 
We have a shared firewall in our datacentre where 1 VDOM is servicing a number of customers, each customer having a VLAN interface.  
 
Is there a way I can create a user in FortiAnalyzer that is restricted to viewing only the logs passing through a particular src or dst interface on that VDOM so my customers can use FAZ but only see their logs?
 
I was thinking perhaps a meta field on the administrator's account and have that referenced in the reports / log viewer etc, but unsure how, or even if this is the best way.
 
Thanks,
Richard
#1


    chall_FTNT
    Re: Create a log "view" for each user 2019/02/11 16:20:32 (permalink)
    Admin users can be restricted to specific ADOMs which can be comprised of 1 or more devices/VDOMs.  For this to work, you need to isolate customers into separate VDOMs.  Those VDOMs can then be aggregated through a common VDOM (if necessary) or, if using VLANs, then a VLAN trunk to an upstream switch.
    #2
    richinnz
    Re: Create a log "view" for each user 2019/02/12 22:41:49 (permalink)
    Hi Chall,
     
    Thanks for the reply.  I am already aware of this functionality, but I was asking whether it is possible to create an admin user (customer) on FAZ who has only a restricted view of the logs going to a specific ADOM.  In this case, I would add only one VDOM to the ADOM, and then I would want each user to only view logs with a specific srcintf or dstintf value.
     
    I can modify the SQL in the reports as necessary, but I would need to reference some attribute of the logged-in user's account that contains the interface name (e.g. a meta field), and this was what I was inquiring about.
     
    Ideally I would like to do this across reports, noc/soc, and log view, but I would settle for just the reports section if at all possible.  
     
    Regards,
    Richard
    #3