FortiAnalyzer
farhanahmed, Staff
Article Id 316140
Description This article describes how to create a FortiAnalyzer report that shows the hit count of each firewall policy, based on the traffic logs received from FortiGate.
Scope FortiAnalyzer, FortiGate.
Solution

Under Reports -> Report Definitions -> Datasets, create the following SQL dataset with Log Type set to Traffic. It will be used to generate the report ($log and $filter are FortiAnalyzer dataset macros that expand to the selected log table and the report's time range and filters):

SELECT policyid,
       count(*) AS policyhit
FROM $log
WHERE $filter
GROUP BY policyid
ORDER BY policyhit DESC

 

This counts the traffic log entries matched by each policy ID within the report's time range and filter, and lists the policies with the highest hit count first. Note that the count is the number of traffic log records, so a session that produces several log entries (for example with extended traffic logging) is counted more than once.

To sort by policy ID instead, change the last line to:

ORDER BY policyid ASC
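Policy IDs are only unique per FortiGate and per VDOM, so when the report covers several devices the dataset above merges unrelated policies that happen to share an ID. The following dataset, added here as an example and not part of the original article, breaks the count down by device and VDOM and adds the traffic volume per policy. It assumes the standard FortiOS traffic log fields devid, vd, sentbyte and rcvdbyte are present in the dataset's log table:

```sql
-- Added example, not from the original article.
-- Dataset Log Type: Traffic. $log and $filter are the FortiAnalyzer
-- dataset macros used in the dataset above.
SELECT devid,                      -- FortiGate serial number (assumed standard traffic log field)
       vd,                         -- VDOM name (assumed standard traffic log field)
       policyid,                   -- policyid 0 is the implicit deny policy
       count(*)      AS policyhit, -- number of traffic log records per policy
       sum(sentbyte) AS sent_bytes,-- bytes sent, assumed traffic log field
       sum(rcvdbyte) AS rcvd_bytes -- bytes received, assumed traffic log field
FROM $log
WHERE $filter
GROUP BY devid, vd, policyid
ORDER BY devid, vd, policyhit DESC
```

Rows with policyid 0 show how much traffic is hitting the implicit deny; if only allowed policies should be counted, add "AND policyid <> 0" after $filter in the WHERE clause.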

 

Use the dataset above in a Chart or a Macro, then add it to a Report. See:

Creating charts

Creating macros

Creating reports without using a template

 

Result (sorted by policyhit): [image: policy_hit.png]

 

To count only a specific policy ID, add a filter on policyid in the report settings: see Filtering report output.

 

Note:

From FortiOS v7.4.0 onwards, the Hit Count column is no longer shown in the firewall policy list on FortiGate, so this report is a way to obtain per-policy hit counts from the logs stored on FortiAnalyzer.

 

Related articles:
Technical Tip: How to create FortiAnalyzer reports using custom SQL queries.

Technical Tip: How to check the Hit Count, First hit, last hit, and established session count for si...