FortiAnalyzer Version 3.0 MR3 Administration Guide
100 05-30003-0082-20060925
Searching user data Forensic Analysis
To enable these log types on the FortiGate unit
1 Go to Firewall > Protection Profile
2 Select a protection profile.
3 Select Logging.
4 Select the activities to log and select OK.
Searching user data
The user data search enables you to perform a quick search on selected activity
of a specific user. Use the search to quickly see a user’s email, IM chat, FTP and
HTML activities for a selected time period.
To perform a user data search
1 Go to Forensic Analysis > Search > Search.
2 Set the following options and select Search:
Search based on      Select a search based on the user name or the IP address.
User / IP Address    Select the search criteria. Depending on your search selection,
                     enter a user name or an IP address.
Time frame           Select the span of time to view for the user’s activity.
Search for           Select the information on the user or IP address that you want to
                     search for.
After selecting Search, the FortiAnalyzer unit scans the content log data (data
from the Content Archive from a FortiGate unit) on its hard disk for all information
based on the criteria entered, and displays the number of results for each criterion.
Figure 37: Search results
Select View for the log information you want to view in detail. The search results
open in a new browser window.
Select download to save a specific log result to your local hard disk.
Saving search results
If you want to save these results for future reference, you can save the results to
the FortiAnalyzer hard disk. You can view the saved search results by selecting
Local Archive. For details see “Local archive” on page 101.