DescriptionAs part of a forensic analysis, it might be necessary to
gather data and generate reports for specific users.
This article shows how a user filter can be applied to a
report in order to show detailed activity for a specific
user.
The article use as its example the "Bandwidth and Application
Report". Screen shots are taken from FortiAnalyzer
6.4.0.
SolutionBefore applying a user filter, a sample "Bandwidth and Application
Report" shows many users.
And the top destinations for all users:
Steps to Apply a User Filter
1. Go to Logview. Select Traffic for log type under
FortiGate.
2. Add a filter to confirm that logs exist for a specific user
(in this case "USER25")
3. Go to Reports > All Reports. Right-click on
"Bandwidth and Application Report" & select Edit.
4. Select the Settings Tab. Expand the Filters option.
5. Add a Log Field of User (user) with value matching the
user name from step 2 (in this case "USER25")
6. Run the Report "Bandwidth and Application Report" &
click on "HTML" to view generated report.
Observe that
a. the chart "Top 30 Users by Bandwidth and Sessions" only
shows the matched user USER25.
b. the chart "Destinations" only shows Destinations for
traffic generated by USER25
c. the appendix of the report shows which user this report is
for