06/27/2024 1,044 People found this article helpful 456,967 Views
Displaying authenticated username in GMS reports
By default, GMS reports such as Web Activity > Initiators will display the computer’s IP address without a user:
If some form of authentication is used for Internet access, the syslog messages will contain the authenticated username in the “usr= “ field of the syslog:
Syslog Example w/authentication in use:
id=firewall sn=004010123456 time="2016-02-08 02:04:24 UTC" fw=70.90.17.51 pri=5 c=4 m=14 msg= usr=SJCOLOrpastoren=78567 src=192.168.150.231:2826:LAN dst=207.46.144.222:80:WAN dstname=www.inappropriatewebsite.com arg=/ code=
GMS will take the username from the syslog messages and display it in the report:
In order for the syslog to contain the username, some form of authentication must be used. This can be any of the following methods available in the firewall:
Single Sign-On (SSO)
User Level Authentication (ULA)
LDAP
Local User Authentication
RADIUS