FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Article Id 196519


This article describes how to run a custom report on a FortiAnalyzer with the Chart Builder tool.




Any supported version of FortiAnalyzer.


Make sure to receive the logs on the FortiAnalyzer so that it can be used to generate reports.

Visit Fortinet's Knowledge Base here for reference.

Select a value to run the report in the log view section. Below is an example of report performed on a source IP and with the DNS protocol.

Select any columns desired to see them in the chart report as follows:

Select the Chart Builder tool from the actions submenu:

Select the columns desired to integrate in the Chart Builder tool (a maximum of 5 may be selected) and run the preview. Give the chart a name and save it.

Create the report and go in the Layout section:

Select Insert Chart and navigate to the report created using the Chart Builder tool.

Save and run the report:

The report can be viewed in different formats such as HTML and PDF. It can be also sent by mail.

If a problem occurs, run the report in the CLI and send it using the following steps:


# exe tac report
exe sql-report list-schedule <adom>
exe sql-report list <adom>
exe sql-report run <adom> <report ID>
exe sql-report view report-data <adom> "name of the report"