Forensic Analysis Users and groups
FortiAnalyzer Version 3.0 MR3 Administration Guide
05-30003-0082-20060925 97
Forensic Analysis
Forensic analysis provides a method of monitoring and reporting on individuals or
groups of individuals on their internet traffic, email and Instant Messaging (IM)
patterns within an organization.
While the Reports and other log data also provide this information, the forensic
analysis enables the administrator to narrow the information to specific individuals
or groups of individuals.
This section describes how to set up users and groups, search logs for user
activity and how to generate and view analysis reports.
This section includes the following topics:
• Users and groups
• Searching user data
• Forensic Reports
Users and groups
Use forensic analysis to view the network and Internet usage habits of individual
users or groups of users. To do this, you must first add a list of users and their
network information. This includes the users’ IP address, user name, IM name(s)
and email address(es).
Adding users
Add users to the FortiAnalyzer analysis list for tracking. When adding a user, you
include their username, IP address, email address and IM names (if applicable). If
you only know part of the information you want to add, use Lookup to find
additional user information. For details on finding additional user information, see
“Lookup” on page 98.
To add a user to the forensic analysis list
1 Go to Forensic Analysis > Lookup > User.
2 Select Create New.
3 Enter the following information and select OK:
Note: The forensic analysis feature is not available on the FortiAnalyzer-100.
Name Enter the name of the user. The name cannot include spaces.
Username (in Logs) Enter the username as it will appear in the logs.
IP Address Enter the IP address of the user.
Email Address(es) Enter the email address for the user and select Add. For
completeness of the reports, add all known email addresses for
the user.
IM Name(s) Enter the instant message name for the user if applicable and
select Add. For completeness of the reports, add all known IM
names.
To Next Page
Loading...
Need help?
General