Help with reporting Top Allowed Categories for Most Active Users

Forum|Forum|10 years ago
September 6, 2015
1 reply
13401 views

Hi

Back in FAZ v4.2, there was a built-in report called "Top Allowed Categories for Most Active Users" (see attachment). You could see at a glance who the top offenders were and where they were spending their time. It was based on web page requests, whereas FortiView now uses sessions, which surely isn't the same (ie. you could potentially have one session open that is generating millions of requests). There was also a filter called "Include Web Clicks Only", which removed all the other embedded links to advertising, etc. This was probably the most valuable report the FAZ produced. Our managers loved it because they knew who to speak to about their web browsing behaviour.

Fast forward to v5.2, and while it has many good individual reports on users, categories, etc., it doesn't have a single report that combines these together in a powerful way like the above report did.

I've tried to work out how to create my own dataset, but as others have found, it isn't particularly easy, especially for a more complex query like this.

Can someone with good custom dataset skills please help me reproduce this report?

Thanks - Simon

report.jpg

5.2

Best answer by hzhao_FTNT

Hi, Please check below dataset and screenshot for chart setting:

Log-Type: Web filter select user_src, catdesc, sum(requests) as requests from (###(select coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src, catdesc, count(*) as requests from $log-traffic where $filter and logid_to_int(logid) not in (4, 7, 14) and utmevent in ('webfilter', 'banned-word', 'web-content', 'command-block', 'script-filter') and catdesc is not null and utmaction!='blocked' group by user_src, catdesc order by requests desc)### union all ###(select coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src, catdesc, count(*) as requests from $log-webfilter where $filter and (eventtype is null or logver>=52) and catdesc is not null and action!='blocked' group by user_src, catdesc order by requests desc)###) t group by user_src, catdesc order by requests desc

regards,

hz

hzhao_FTNTAnswer

Staff

Hi, Please check below dataset and screenshot for chart setting:

Log-Type: Web filter select user_src, catdesc, sum(requests) as requests from (###(select coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src, catdesc, count(*) as requests from $log-traffic where $filter and logid_to_int(logid) not in (4, 7, 14) and utmevent in ('webfilter', 'banned-word', 'web-content', 'command-block', 'script-filter') and catdesc is not null and utmaction!='blocked' group by user_src, catdesc order by requests desc)### union all ###(select coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src, catdesc, count(*) as requests from $log-webfilter where $filter and (eventtype is null or logver>=52) and catdesc is not null and action!='blocked' group by user_src, catdesc order by requests desc)###) t group by user_src, catdesc order by requests desc

regards,

hz

1.jpg

hzhao_FTNT

Staff

bar chart setting is also attached

2.jpg

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded