How do I set up a filter for one specific ip?
Edit Schedule -> Advanced Settings -> Enable Filters -> Source.
We need to be able to run a report on a srcip to capture all of their web traffic for the past 30-60 days
Edit Schedule -> Time Period so theoretically, SQL queries seem evitable in this case. However, in my case, both filters are error-prone, namely:
A. Report Schedules >> Edit Schedule >> Time period >> Other
B. Report Schedules >> Edit Schedule >> Advanced Settings >> Filter >> Source >> range or prefix
producing unexpected results, which is being discussed with TAC. Cheers! Rafal
I tried to apply a source filter, and the report ignores the source IP. I tried to create a new SQL query but I do not know Postgres at all. So for example, how do I filter a source IP address in that query:
select $DAY_OF_MONTH as dom, sum(sentbyte) as traffic_out, sum(rcvdbyte) as traffic_in from $log where $filter group by dom having sum(sentbyte+rcvdbyte)>0 order by dom
Can you add the 'src' field to the select statement and change the order by clause? For example,
select src, $DAY_OF_MONTH as dom, sum(sentbyte) as traffic_out, sum(rcvdbyte) as traffic_in from $log where $filter group by src, dom having sum(sentbyte+rcvdbyte)>0 order by src
Once you get that working, you should be able to narrow it down to specific IP addresses as needed when you run the report. I'm not using FAZ 5.0.x, but I am guessing the basic SQL syntax should be the same as in 4.3.x.
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Thanks everyone, I updated to patch 5.0.2 but I'm still not getting what I need. Why does Fortinet think we are only interested in the top 10 of anything? I just need to be able to provide our personnel dept with a report on a user's web activity for a specific time period.
+1 One of my biggest frustrations with the Fortinet line-up is the lack of useful reporting for my purposes. The SQL solution is nice in that it lets us roll our own reports now, but a basic report showing a user's history, apps, etc. over a specific time period would be really useful. It would be great to hear from the FAZ product manager about where this product is going.
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1