FortiAnalyzer - How to set up a report to list all users who visit a particular website

KareBrow · ‎09-19-2016

I'm looking for a way to write a report in FortiAnalyzer that will spit back a list of users who visit a particular website at any given time. I work at an Educational Institution and we're looking to identify users are visiting two websites that we know can be used to disguise plagiarism. We don't want to know about ALL plagiarism websites, just the two we have identified.

I haven't been able to find the right Datasets/Charts to fit what I'm after.

Is anyone able to help?

mnantel_FTNT · ‎09-29-2016

Sure thing Karen!

While I am not sure which version of FAZ you are running, here's a quick dataset that should get you what you need:

select hostname, coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) as user_src, count(*) as webhits from $log where $filter group by hostname, user_src order by webhits desc

In order to use this dataset, ensure the log type is set to "web filter" when you create the dataset.

Then, create a chart referencing the dataset. You can give proper names to the dataset fields in the chart.

And the last step is to configure a report by adding the chart to the report's layout. You can then apply a filter to the report such that the field called "Hostname" receives a filter value of "www.plagiarismwebsite.com".

Happy to help you out with that report if things dont work out with the above instructions - just email me at mnantel@fortinet.com.

--

Mathieu Nantel

Principal Presales Security Expert

-- Mathieu Nantel Systems Engineer / Conseiller Technique - Fortinet Montreal, QC