laupin
New Member
May 15, 2018
Solved

*** FortiAnalyzer: Combining two Datasets in one chart ***

  • May 15, 2018
  • 1 reply
  • 13105 views

Hello,

I need some help in order to create a custom report. I have an IDS profile and I want to report the attacks in order to optimize the IPS profile that I'm configuring. The problem is that the data I need is in different log type databases, so I created two datasets: a dataset with log type traffic (where I get srcip, srccountry, dstip, natIP) and a dataset with log type attack (where I get attack type). But I didn't find a way to relate both datasets, and I don't have the attack type for a database of log type traffic.

Does anyone have an idea how I can do that? Is there an SQL sequence I can use in order to get all this information into one dataset?

I'm using version 5.2.4 (I'm planning an upgrade, but not for this week).

Thanks in advance :)

Best answer by AtiT

Hi,

I looked at your dataset and you are using 3 SELECTs, but in this case only 1 SELECT is enough, as all the information is in the Traffic log:

Create a Traffic dataset:

SELECT DISTINCT `srcip`, `srccountry`, `dstip`, `dstname`, `tranip`, `attack` FROM $log WHERE $filter AND NULLIFNA(`attack`) IS NOT NULL ORDER BY `srccountry`

You will get the same results and, in my case, more than 5 times faster.

1 reply

chall_FTNT
Staff
May 15, 2018

Creating a dataset which pulls data from 2 log types is quite complex and should generally only be considered by those quite comfortable with SQL. It requires a UNION of 2 select statements.

Also, in some cases, some queries involving a UNION can be quite computationally demanding on the FortiAnalyzer.
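The UNION shape described in the reply above, written out as an added example (it is not code from this thread or from Fortinet). It assumes the FortiAnalyzer 5.2 dataset macros used elsewhere in the thread (`$log-traffic`, `$log-attack`, `$filter`, `NULLIFNA`) and that both log tables carry `srcip`, `dstip` and `attack`; the `log_type` label column and the NULL placeholders for traffic-only columns are assumptions made so that both SELECTs return the same column list, which UNION requires.

```sql
-- Added example, not from the thread: one dataset fed by two log types.
-- Assumed: $log-traffic, $log-attack and $filter behave as in the thread,
-- and both tables have srcip, dstip and attack.
-- Every SELECT in a UNION must return the same columns in the same order,
-- so attack-log rows carry NULL for the traffic-only columns.
SELECT 'traffic' AS log_type,
       `srcip`, `srccountry`, `dstip`, `dstname`, `tranip`, `attack`
  FROM $log-traffic
 WHERE $filter
   AND NULLIFNA(`attack`) IS NOT NULL
UNION
SELECT 'attack' AS log_type,
       `srcip`,
       NULL AS `srccountry`,
       `dstip`,
       NULL AS `dstname`,
       NULL AS `tranip`,
       `attack`
  FROM $log-attack
 WHERE $filter
   AND NULLIFNA(`attack`) IS NOT NULL
ORDER BY `srcip`, `attack`
```

UNION removes duplicate rows across both halves, which is the expensive part the reply warns about; if duplicate rows are acceptable (or DISTINCT is applied later in the chart), UNION ALL skips that step and is noticeably cheaper. Keeping the `$filter` term in both halves matters, because the report's time range is otherwise only applied to one of the two tables.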

laupin (Author)
New Member
May 15, 2018

Thanks for your comments. I had created this request:

select distinct srcip, srccountry, dstip, dstname, tranip, attack from $log-traffic where srcip in (select srcip from $log-attack) and attack in (select attack from $log-attack) and (policyid=10174 or policyid=116) order by srccountry

I almost have what I want, but I also have a chart in the report that shows me the Top 10 srcip attacks, and there are some IPs in this list that aren't in my detailed one.

chall_FTNT
Staff
May 15, 2018

It sounds like you might want to change the value of "Only Show First" (FAZ 5.2) in your chart. A value of 0 is "unlimited" (up to the maximum global setting, which is 10,000).