topic Detailed Logging for attempts externally in Log Forwarding Discussions https://live.paloaltonetworks.com/t5/log-forwarding-discussions/detailed-logging-for-attempts-externally/m-p/216820#M10 <P>Hello Community!<BR /><BR />Occasionally we get "SYSTEM ALERT" forwarded to the mailbox, in regards to failed authentications where there was an attempt using a non-existent user. Is it possible to add more information in these logs?<BR /><BR />Specifically whether the user tried to log on using the GlobalProtect client, or the portal login page?<BR />Which portal was used?</P><P>Unless you're using different auth profiles for each portal, you're kind of in the dark as to which one was attempted.<BR /><BR />If not, I'd like to add a feature request <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 06 Jun 2018 12:26:59 GMT pasmartin 2018-06-06T12:26:59Z Detailed Logging for attempts externally https://live.paloaltonetworks.com/t5/log-forwarding-discussions/detailed-logging-for-attempts-externally/m-p/216820#M10 <P>Hello Community!<BR /><BR />Occasionally we get "SYSTEM ALERT" forwarded to the mailbox, in regards to failed authentications where there was an attempt using a non-existent user. Is it possible to add more information in these logs?<BR /><BR />Specifically whether the user tried to log on using the GlobalProtect client, or the portal login page?<BR />Which portal was used?</P><P>Unless you're using different auth profiles for each portal, you're kind of in the dark as to which one was attempted.<BR /><BR />If not, I'd like to add a feature request <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 06 Jun 2018 12:26:59 GMT https://live.paloaltonetworks.com/t5/log-forwarding-discussions/detailed-logging-for-attempts-externally/m-p/216820#M10 pasmartin 2018-06-06T12:26:59Z Re: Detailed Logging for attempts externally https://live.paloaltonetworks.com/t5/log-forwarding-discussions/detailed-logging-for-attempts-externally/m-p/216833#M11 <P>Also, whether it'd be possible to set a variable for "additional recipient" or something like that, that would use the username defined in "opaque: failed authentication for user 'username'", so that both myself and the user in question that failed login, would receive an email about a failed login.</P><P>&nbsp;</P><P>For instance - let's say the logs&nbsp;echo <STRONG>opaque: failed authentication for user 'username123'</STRONG></P><P>The username stated in each logged entry would be GET'd, and "@domain.com" would be appended and used to notify said user.</P> Wed, 06 Jun 2018 13:02:26 GMT https://live.paloaltonetworks.com/t5/log-forwarding-discussions/detailed-logging-for-attempts-externally/m-p/216833#M11 pasmartin 2018-06-06T13:02:26Z