Hi,
Has anyone experienced blocking a DoS attack and tracing back the source IP?
It seems our PC is infected by some kind of malware. The FortiGate traffic history widget shows us a burst of traffic coming from our LAN to WAN1 and WAN2. The traffic bursts to 10Gbps for a short time, randomly (please see the attached screenshot).
I'm trying to block this traffic using the FortiGate.
I'm aware of the FortiGate AppControl, AV, and DoS capabilities.
AppControl => I'm blocking the Bot and Proxy categories.
AV => I'm blocking connections to botnet and C&C servers.
DoS => I'm blocking UDP and TCP flood. Both thresholds are 500.
With all of these settings, the problem still occurs.
I'm not sure what kind of malware has infected my network.
I would really appreciate it if someone would share their experience and help me out with this issue.
Thanks
Regards//tato
Yes, unfortunately I have a lot of DDoS handling experience. I would first recommend using something like PRTG or Scrutinizer set up for sFlow from the Fortinet firewall. Set up sFlow on the interface closest to what you want to track: for the source, you would set up sFlow on the wanX interface (if the traffic is truly sourced by someone on the internet) or on the portX interface if you think you have malware in the local network that may be initiating this problem. In the second example it's not really a DoS attack; it is just botnet attempts and standard noisy malware!

I would recommend getting this set up; then, for example with PRTG, you can see the top talkers in 15-minute segments, top destinations and top connections. This will give you the true sources of your network pain! I have this set up in multiple data centers, and not only on the Fortinet firewalls but anywhere there is an aggregate connection, like the distribution layer on most networks or the edge network connection where it comes into the core. Most modern routers and switches support either NetFlow or sFlow. In some cases you can just use a packet capture sensor as well, but it's much more load on the server calculating the traffic into a graph.

Once the source of the issue is found, I have found that you can either null route that source IP on your routing gear or on the firewall. I typically do this outside the firewall so it doesn't even get to the firewall. You can also call your ISP, and sometimes they can block that IP for you. I have even done some BGP routing with tunnels to redirect the traffic if you know the destination that they are trying to DoS, and if it's one that you can live without, you can usually also black-hole the destination if you have that agreement with your ISP.
Hope this info helps,
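As an added worked example (not from this thread and not Fortinet code), the following Python script does offline what the reply above describes doing with a flow collector: it takes flow records of the kind an sFlow or NetFlow collector exports, ranks top talkers per 15-minute segment and top connections over the whole window, flags any source whose volume in a single segment crosses a threshold, and prints the FortiOS CLI for a /32 blackhole route on that IP. The flow records are constructed sample data, the CSV field layout is an assumption, and the blackhole route uses the standard `config router static` syntax, which should be checked against the FortiOS version in use before pasting it in.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample flow records: timestamp, src_ip, dst_ip, dst_port, bytes.
# The field layout is an assumption; a real sFlow/NetFlow export will differ.
SAMPLE_FLOWS = """\
2025-05-01T10:02:11Z,192.0.2.10,203.0.113.5,443,1200
2025-05-01T10:03:40Z,192.0.2.77,198.51.100.9,53,900000000
2025-05-01T10:05:02Z,192.0.2.77,198.51.100.9,53,850000000
2025-05-01T10:07:15Z,192.0.2.23,203.0.113.8,80,54000
2025-05-01T10:16:30Z,192.0.2.77,203.0.113.40,80,1200000000
2025-05-01T10:18:05Z,192.0.2.10,203.0.113.5,443,3000
2025-05-01T10:21:44Z,192.0.2.23,203.0.113.8,80,61000
"""

BIN_SECONDS = 15 * 60  # the 15-minute segments mentioned in the reply


def parse_flows(text):
    """Parse CSV flow lines into dicts with a UTC datetime and integer fields."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, port, nbytes = line.split(",")
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        flows.append({"ts": when, "src": src, "dst": dst,
                      "port": int(port), "bytes": int(nbytes)})
    return flows


def bin_label(when):
    """Start of the 15-minute bin containing `when`, as an ISO-style label."""
    epoch = int(when.timestamp())
    start = datetime.fromtimestamp(epoch - epoch % BIN_SECONDS, tz=timezone.utc)
    return start.strftime("%Y-%m-%dT%H:%MZ")


def top_talkers(flows, n=3):
    """Bytes per source IP within each bin, highest first, top n per bin."""
    per_bin = defaultdict(lambda: defaultdict(int))
    for f in flows:
        per_bin[bin_label(f["ts"])][f["src"]] += f["bytes"]
    return {label: sorted(srcs.items(), key=lambda kv: kv[1], reverse=True)[:n]
            for label, srcs in sorted(per_bin.items())}


def top_connections(flows, n=3):
    """Bytes per (src, dst, dst_port) over the whole window, highest first."""
    conns = defaultdict(int)
    for f in flows:
        conns[(f["src"], f["dst"], f["port"])] += f["bytes"]
    return sorted(conns.items(), key=lambda kv: kv[1], reverse=True)[:n]


def burst_sources(flows, threshold_bytes):
    """Sources that exceed `threshold_bytes` in any single 15-minute bin."""
    hits = set()
    for talkers in top_talkers(flows, n=None).values():
        hits.update(src for src, total in talkers if total > threshold_bytes)
    return sorted(hits)


def avg_mbps(nbytes, seconds=BIN_SECONDS):
    """Average rate over a bin; a 10 Gbps spike of a few seconds averages far lower."""
    return nbytes * 8 / seconds / 1_000_000


def blackhole_route_cli(ip):
    """FortiOS CLI for a /32 blackhole route (standard syntax; verify on your version).
    'edit 0' lets FortiOS assign the next free sequence number."""
    return "\n".join([
        "config router static",
        "    edit 0",
        f"        set dst {ip} 255.255.255.255",
        "        set blackhole enable",
        "    next",
        "end",
    ])


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for label, talkers in top_talkers(flows).items():
        print(label, [(src, f"{avg_mbps(b):.1f} Mbps avg") for src, b in talkers])
    print("top connections:", top_connections(flows))
    for ip in burst_sources(flows, threshold_bytes=500_000_000):
        print(f"\n# candidate for null route: {ip}\n{blackhole_route_cli(ip)}")
```

Two practical notes. First, bursts of a few seconds at 10 Gbps disappear into a 15-minute average, so the threshold here is on bytes per bin rather than on rate; if the collector keeps per-minute or per-second samples, shrink `BIN_SECONDS` to match. Second, the blackhole route is the control the reply describes for an attacker on the internet; for an infected LAN host it stops the firewall routing replies back to it, but the control you want while the machine is being cleaned is a deny policy for that host's address on the LAN-to-WAN policies, which also gives you a log entry each time it tries.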
Hi Patrick,
Thank you for your suggestion. I really appreciate it.
Regards//tato
Thanks, dear,
This is a good article.
Regards,
Deepak Kumar
NSE4
Copyright 2025 Fortinet, Inc. All Rights Reserved.