Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fmoh
New Contributor

Created on ‎06-22-2016 07:11 AM

FortiAnalyzer Email Alerts - Custom Queries

Hello,

For reference I am using FortiAnalyzer-VM64

 

Essentially, I have been able to create a custom query for the web filter log to retrieve counts of source IP addresses, and display the top 15 highest occurring results. From this dataset I was able to create automatic email alerts using the reporting system, however instead of a PDF attachment I would like the results from the query to be displayed as plain text in the email message.

 

Is there any way for me to get the results of my query to be raw text in an automatic email alert? When our mail server receives the email it automatically parses the message for the relevant information, however this is not possible if the message is a PDF attachment in a report format.

 

Thanks for your help

8305
0 Kudos
7 REPLIES 7
hzhao_FTNT
Staff
Staff

Created on ‎06-22-2016 09:26 AM

Hi there,

 

Unfortunately we do not offer plain text in email output

On FAZ 5.4, you can choose PDF/HTML/XML/CSV

On FAZ 5.2, you can choose PDF/HTML, the html report is in a zipped folder.

 

 Regards,

hz

2521
0 Kudos
fmoh
New Contributor
In response to hzhao_FTNT

Created on ‎06-22-2016 09:31 AM

Thanks for the answer.

 

However, whenever I select HTML in the output profile, the email never gets sent. It only seems to work for PDF.

Is there a way to get the HTML file sent through email? As you suggested I would expect it as a zip attachment.

 

Thanks

2521
0 Kudos
hzhao_FTNT
Staff
Staff
In response to fmoh

Created on ‎06-22-2016 09:37 AM

The HTML report could be blocked by mail server because it contains some JS files, please check with your mail server admin and ask him to give you an exception.

 

regards,hz

2521
0 Kudos
fmoh
New Contributor
In response to hzhao_FTNT

Created on ‎06-24-2016 07:22 AM

Thanks for the reply, I will check with the server admin.

 

In the meantime is there ANY way to get text based email output from a custom query as described above? (API, or another Forti feature)

 

Receiving PDF/HTML attachments and then having to run a script just to parse out the information I need seems to be counter productive for what I am trying to do.

 

Thanks for you help

2521
0 Kudos
hzhao_FTNT
Staff
Staff
In response to fmoh

Created on ‎06-24-2016 08:43 AM

Currently no way to support text based email output, I will ask if we can add this feature in the future

For now, we have a CLI to display report data:

exe sql-report view report-data <ADOM-Name> <Report-Name>

There is another XML API: getFazGeneratedReport, which will retrieve base64 encoded zipped PDF report

 

2521
0 Kudos
rhap4boy
New Contributor

Created on ‎03-23-2022 04:58 PM

Hi fmoh,

 

How do you create a custom query for the web filter log to retrieve counts of source IP addresses and display the top 15 highest occurring results?  I was wondering if you can share that query info?  Thank you!

1611
0 Kudos
Debbie_FTNT
Staff
Staff
In response to rhap4boy

Created on ‎03-24-2022 01:16 AM

Hey rhap,

I'm not fmoh, but I do have some experience with FortiAnalyzer datasets :).

The query would look something like this:

 

select count(srcip) as source

from $log

where $filter

group by srcip limit 15

 

When creating the dataset, set Log Type to 'Web Filter':

Debbie_FTNT_0-1648109713582.png

Then map the dataset to a chart, and add that chart to a report :)

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
1590
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.