Skip to Content

How to search logs for who accessed website

By: Author Alex Lim

Posted on

Categories Networking

This article describes how to search the logs for who accessed a website.

Scope

FortiOS 6.4+.

Solution

To have logs available for website access, it is necessary to configure the firewall policy to have the ‘Log Allowed Traffic’ option set to ‘All Sessions’.

To have logs available for website access, it is necessary to configure the firewall policy to have the ‘Log Allowed Traffic’ option set to ‘All Sessions’.

The next thing, it is necessary to find the IP of the website. The search will be a lot more difficult if the website resolves to multiple IPs.

If the website resolves to only one IP then the search will be easy. To get the IP address of the website, go to a web browser. This example uses Chrome:

‘Right-click’ in the browser and select ‘Inspect’.

In the tab opened, select the ‘Network’ option:

In the tab opened, select the ‘Network’ option.

After this open the website. This test uses example.com:

After this open the website. This test uses example.com.

Here it will show the IP on the Network tab, under Remote Address.

Once having the IP address of the website, it is possible to go to FortiGate GUI under Log & Report-> Forward Traffic.

Here, select ‘Add Filter’ and Select ‘Destination’.

It is possible to enter the IP of the website and it will search the logs for that:

It is possible to enter the IP of the website and it will search the logs for that.