finding authentication logs

Hi,

Hoping this is an easy question, but I can't seem to find the answer.
What's the correct search term to find auth logs in Dimension/WGCloud?
I'm trying to find out why a user is being rejected.
To see what I could find, I tried logging in via the webauth with the account 'Test' and then searched Dimension for 'test', and even though it was rejected I couldn't find a log.

Thanks.

--
WatchGuard M4800 (x2 Cluster)
WatchGuard M690 (x2 Cluster)
Firmware : 12.10.4

Comments

  • Your question was answered yesterday by shaazaminator, here:

    vpn user report
    https://community.watchguard.com/watchguard-community/discussion/comment/5682#Comment_5682

    I find the WatchGuard Cloud Log Search non-intuitive.
    One has to look at the docs to figure out how to do searches effectively, including using the field names in the search.

    Log Search (WatchGuard Cloud)
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/reports/log_search_wgc.html

  • OK, so I've found the data in Dimension and I've compared the WGcloud and Dimension data side by side. For the same timestamp the Cloud has 1 entry and Dimension shows 7. A lot of detail is removed.

    This is the search term in the cloud that seems to work.

    Fwstatus AND Authentication*

    Any format of username brings back nothing and the username is listed as [username@domain] in the entry.

    For Dimension a simple "username" works.

    --
    WatchGuard M4800 (x2 Cluster)
    WatchGuard M690 (x2 Cluster)
    Firmware : 12.10.4

  • I find the WatchGuard Cloud Log Search non-intuitive.
    One has to look at the docs to figure out how to do searches effectively, including using the field names in the search.

    I agree, it's awful. A real step back from the old Dimension search.

    --
    WatchGuard M4800 (x2 Cluster)
    WatchGuard M690 (x2 Cluster)
    Firmware : 12.10.4
