Technical Note: FortiAnalyzer query to check rogue AP's that have been detected
Description
Solution
This article provides a query to check rogue AP’s that have been detected.
Solution
1) Under Reports > Datasets, Create a new dataset.
2) Query: select msg as AP, logdesc as status, from_itime(itime) as time from $log where $filter and logdesc like '%detected%' order by time
3) Select the Log Type as Event.
4) Create a new chart from the chart library.
5) Select the dataset.
6) Create a new report and use this chart in it.
2) Query: select msg as AP, logdesc as status, from_itime(itime) as time from $log where $filter and logdesc like '%detected%' order by time
3) Select the Log Type as Event.
4) Create a new chart from the chart library.
5) Select the dataset.
6) Create a new report and use this chart in it.