Skip to main content
psimons_pictet
psimons_pictet
Visitor III
January 9, 2024
Question

FortiAnalyzer "Number of emails" how is this measured?

  • January 9, 2024
  • 2 replies
  • 1279 views

In the FortiAnalyzer reports section 'Emails' can be selected as content.
Does anyone know (or can point me to) how these numbers are calculated?
'Top Recipients by Number of Emails' for example gives me a public IP address and a count, [ "1,734" ] for example.

How do Fortinets 'know' - counting traffic on port 25?

What happens if I have an application using this port and my email is on 587?

Any replies gratefully received.

P.

2 replies

AEK
SuperUser
AEK
SuperUser
January 9, 2024

As far as I remember FortiAnalyzer gets this info from FGT logs by counting connections to port 25.

I guess this choice may have something to do with the SMTP port in Protocol Options profile. If you try it please share the result.

AEK
    vraev
    Staff
    vraev
    Staff
    January 10, 2024

    Hi, 

    Could you share a screenshot for example?
    What is the FAZ version did you have FortiMail (version, adom) that is providing this data?

     

    Best,

    Terms & ConditionsAccessibility statement