Report to show the top users (IPs) that have visited specific categories

Forum|Forum|7 years ago
March 28, 2019
2 replies
3783 views

Our client has asked for a report that would show a list of the top users (or IPs) that have visited specific web filter categories. I do not see any of the system datasets that have the combination of these fields.

It could be as simple as this:

User Category Count

10.0.0.3 Hacking 12

10.0.0.5 Proxy Avoidance 8

10.0.0.3 Proxy Avoidance 5

10.0.0.4 Discrimination 2

Thanks!

Best answer by chutter_FTNT

Hi,

this should work:

select coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) as user_src, catdesc, count(*) as sessions from $log where $filter group by user_src, catdesc order by sessions desc

Regards

Christian

chutter_FTNTAnswer

Staff

Hi,

this should work:

select coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) as user_src, catdesc, count(*) as sessions from $log where $filter group by user_src, catdesc order by sessions desc

Regards

Christian

Webcategory.jpg

stuart_smiles

New Member

What if you want to create a "cloud storage" category for a similar report, totalling user counts over a period of time, so can trend for growth of cloud adoption for apps, data transfer to storage/backup/similar sites, potentially even seeing bandwidth utilisation, traffic manage some storage sites or prioritise during time of day/ so can offer core, lunchtime and out of hours service levels for sites of interest/bandwidth hogs like facebook/instagram video etc, and feedback to users outside of guidelines on overuse, within the fortinet platform ala bluecoat and websense, whilst not blocking, perhaps "encouraging" wait to do it on "own internet" instead.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded