Enabling authentication event logging
For the FortiGate unit to log events, that specific type of event must be enabled under logging.
When VDOMs are enabled certain options may not be available, such as CPU and memory usage events. You can enable event logs only when you are logged on to a VDOM; you cannot enable event logs globally.
To ensure you log all the events need, set the minimum log level to Notification or Information. Firewall logging requires Notification as a minimum. The closer to Debug level, the more information will be logged. While this extra information is useful, you must
To enable event logging
1. Go to Log&Report > Log Config > Log Settings.
2. In Event Logging, select
System activity event | All system-related events, such as ping server failure and gateway status. |
User activity event | All administration events, such as user logins, resets, and configuration updates. |
Optionally you can enable any or all of the other logging event options.
3. Select Apply.
Figure 78: Authentication log messages
Table 21: List of FSSO related log messages
Message ID | Severity | Description |
43008 | Notification | Authentication was successful |
43009 | Notification | Authentication session failed |
43010 | Warning | Authentication locked out |
43011 | Notification | Authentication timed out |
43012 | Notification | FSSO authentication was successful |
43013 | Notification | FSSO authentication failed |
43014 | Notification | FSSO user logged on |
43015 | Notification | FSSO user logged off |
43016 | Notification | NTLM authentication was successful |
43017 | Notification | NTLM authentication failed |
For more information on logging, see the FortiOS Handbook Log and Reporting chapter.