finding authentication logs
Hi,
Hoping this is an easy question, but i cant seem to find the answer.
Whats the correct search term to find auth logs in dimension/WGCloud?
Im trying to find out why a user is being rejected.
To see what i could find i tried logging in via the webauth with the account 'Test' and then searched dimension for 'test' and even though it was rejected i couldnt find a log.
thanks.
--
WatchGuard M4800 (x2 Cluster)
WatchGuard M690 (x2 Cluster)
Firmware : 12.10.4
0
Sign In to comment.
Comments
Your question was answered yesterday by shaazaminator, here:
vpn user report
https://community.watchguard.com/watchguard-community/discussion/comment/5682#Comment_5682
I find the WatchGuard Cloud Log Search non-intuitive.
One has to look at the docs to figure out how to do searches effectivly, including using the field names in the search.
Log Search (WatchGuard Cloud)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/reports/log_search_wgc.html
Ok, so i've found the data in Dimension and i've compared the WGcloud and Dimension data side by side. For the same timestamp the Cloud has 1 entry and Dimension shows 7. A lot of detail is removed.
This is the search term in the cloud that seems to work.
Fwstatus AND Authentication*
Any format of username brings back nothing and the username is listed as [username@domain] in the entry.
For Dimension a simple "username" works.
--
WatchGuard M4800 (x2 Cluster)
WatchGuard M690 (x2 Cluster)
Firmware : 12.10.4
I agree, its awful. A real step back from the old dimension search.
--
WatchGuard M4800 (x2 Cluster)
WatchGuard M690 (x2 Cluster)
Firmware : 12.10.4