FortiGate vs FortiAnalyzer User Anonymize

The Fortinet products "FortiGate" (firewall) and "FortiAnalyzer" (log management system) both have an option to anonymize usernames in their logs. However, the two options do not do the same thing.

FortiGate

config log setting 
  set user-anonymize enable
end


This changes all usernames in the logs to "anonymous".


FortiAnalyzer

Using "Privacy masking" in the FortiAnalyzer will change the username as follows:

Using "Obfuscate User" in the Advanced Settings of a report will hide user information in the report.

Syslog

When "user-anonymize" is enabled, the FortiGate also sends the username as "anonymous" to all syslog destinations and FortiAnalyzers. Using "Privacy masking" on the FortiAnalyzer might therefore no longer be necessary when "user-anonymize" is already enabled on the FGT.
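
To confirm at a syslog destination that the setting is in effect, received lines can be scanned for usernames that are not "anonymous". The following is an added example, not part of the original post or Fortinet's tooling; the sample lines are constructed, and it assumes the FortiGate key=value log format with the username in the "user" field.

```python
import re

# FortiGate log lines are space-separated key=value pairs; values may be
# double-quoted and can then contain spaces or '=' characters.
_KV = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')


def parse_fortigate_line(line):
    """Return the key=value fields of one log line as a dict."""
    fields = {}
    for m in _KV.finditer(line):
        key, quoted, bare = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else bare
    return fields


def find_unmasked_users(lines, masked_value="anonymous"):
    """Return (line_number, username) for every line whose user field is
    present but not equal to the masked value."""
    leaks = []
    for n, line in enumerate(lines, 1):
        user = parse_fortigate_line(line).get("user")
        if user and user != masked_value:
            leaks.append((n, user))
    return leaks


# Constructed sample lines (not taken from a real device).
SAMPLE = [
    'date=2024-01-15 time=10:00:01 devname="FGT-EXAMPLE" type="traffic" '
    'subtype="forward" srcip=192.0.2.10 user="anonymous" action="accept"',
    # A line as it would look if user-anonymize were NOT enabled.
    'date=2024-01-15 time=10:00:02 devname="FGT-EXAMPLE" type="traffic" '
    'subtype="forward" srcip=192.0.2.11 user="jdoe" action="accept"',
    # "user=" inside a quoted msg value must not be mistaken for the field.
    'date=2024-01-15 time=10:00:03 devname="FGT-EXAMPLE" type="event" '
    'msg="text with user=bob inside" user="anonymous"',
    # No user field at all: nothing to report.
    'date=2024-01-15 time=10:00:04 devname="FGT-EXAMPLE" type="traffic" '
    'srcip=192.0.2.12 action="deny"',
]

if __name__ == "__main__":
    for lineno, name in find_unmasked_users(SAMPLE):
        print(f"line {lineno}: unmasked username {name!r}")
```
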

More information can be found here: https://kb.fortinet.com/kb/documentLink.do?externalID=FD36317 and https://docs.fortinet.com/document/fortianalyzer/6.2.5/administration-guide/227385/reports-settings-tab and https://docs.fortinet.com
