Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
imambayev
New Contributor

Youtube usage report FortiAnalyzer-1000E v6.2.1 GA build1121

Hello everybody! 

I encountered a problem - I cannot create a report template of youtube usage by individual users. The report has to contain: username, name of a video, a link to the viewed video, traffic, viewing start(date and time), viewing ending(date and time), view duration. Mates, please, write a solution if you are able to, thank you!

1 Solution
OzanOzen
New Contributor

Dear imambayev,

 

I found a old solution I hope it will works for you:

 

One of the features of FortiOS 5.2 was the introduction of Cloud Application logging which allows you to track web application traffic like Youtube videos, email address logins and files uploaded/downloaded via Dropbox.

This quick how-to guide goes through creating a small chart that will only show us the YouTube videos that have been watched and the users that watched them.

This config is done a FortiAnalyzer running 5.2.2.

Before we even begin with the FortiAnalyzer, we need to ensure that 'Deep Inspection of Cloud Applications' has been enabled under the Application Sensor. This is found under Security Profiles > Application Control > Deep Inspection of Cloud Applications and highlighted below:

OzanOzen_0-1649250596624.jpeg

The steps required to create the report are as follows:

1. Create dataset
2. Create chart
3. Create report

1. Create dataset:

To create a dataset goto the 'Reports' tab on your FortiAnalyzer then browse to Advanced > Dataset. From here click on 'Create New' and enter a name, select 'Application Control' for the 'Log Type'.

Enter the following in the 'Query' section:

select app, appid, filename, `user`, sum(filesize) as filesize
from $log
where $filter and filesize is not null
and clouduser is not null
and filename is not null
and app = 'YouTube_Video.Play'
group by cloudaction, app, appid, `user`, filename
order by user asc

Once this is done you can click on the 'Test' button to make sure it's working correctly then click 'Ok' to save. Your final dataset should look something like this:

OzanOzen_1-1649250621866.jpeg

2. Create chart:

Goto Reports > Chart Library and create a new chart (don't use the wizard to create the chart).

Enter a name, select the dataset you created in step 1 and change the 'Only Show First' value to the amount of interfaces you want to show on the chart (in my example I'm showing 50).

Next go through each column and change the header and the display values to the following:

Column 1:
Header: User
Data Binding: user
Display: Icon-User

Column 2:
Header: App
Data Binding: appid
Display: Icon-Application
Merge Next: 1 columns
Merge Header: Video Name

Column 3:
Header: Video Name
Data Binding: filename
Display: Text

Column 4:
Header: Filesize
DataBinding: filesize
Display: Bandwidth (KB/MB/GB)

Click 'Ok' to save. Your end chart should look like this:

 

OzanOzen_2-1649250661047.jpeg

3. Create report:

Right-click on the Report section and select 'Create New'

OzanOzen_3-1649250679729.png

From here give your report a name and save.

Now click on 'Layout' to configure the chart to be run in the report.

Once here click on the 'FortiAnalyzer Chart' icon that's circled below.

OzanOzen_4-1649250697659.jpeg

On the Chart Properties screen select the Chart name that we created earlier (in this example youtube-videos-by-user) and give the chart a title like 'YouTube Videos'. Click OK to save.

OzanOzen_5-1649250716680.jpeg

Your final layout should look like this:

OzanOzen_6-1649250733235.jpeg

Click 'Save' icon in the top left corner to save your changes then go back to 'View Report'. Once here click on 'Run Now' to run the report. Once the report is finished click it to open and view!

OzanOzen_7-1649250754762.jpeg

Best Regards,

 

Life is short

View solution in original post

2 REPLIES 2
Anthony_E
Community Manager
Community Manager

Hello imambayev,

 

I have found this document:

 

https://docs2.fortinet.com/document/fortianalyzer/6.2.1/administration-guide/140901/creating-reports...

 

Could you please tell me if it helped you?

 

Regards,

Anthony-Fortinet Community Team.
OzanOzen
New Contributor

Dear imambayev,

 

I found a old solution I hope it will works for you:

 

One of the features of FortiOS 5.2 was the introduction of Cloud Application logging which allows you to track web application traffic like Youtube videos, email address logins and files uploaded/downloaded via Dropbox.

This quick how-to guide goes through creating a small chart that will only show us the YouTube videos that have been watched and the users that watched them.

This config is done a FortiAnalyzer running 5.2.2.

Before we even begin with the FortiAnalyzer, we need to ensure that 'Deep Inspection of Cloud Applications' has been enabled under the Application Sensor. This is found under Security Profiles > Application Control > Deep Inspection of Cloud Applications and highlighted below:

OzanOzen_0-1649250596624.jpeg

The steps required to create the report are as follows:

1. Create dataset
2. Create chart
3. Create report

1. Create dataset:

To create a dataset goto the 'Reports' tab on your FortiAnalyzer then browse to Advanced > Dataset. From here click on 'Create New' and enter a name, select 'Application Control' for the 'Log Type'.

Enter the following in the 'Query' section:

select app, appid, filename, `user`, sum(filesize) as filesize
from $log
where $filter and filesize is not null
and clouduser is not null
and filename is not null
and app = 'YouTube_Video.Play'
group by cloudaction, app, appid, `user`, filename
order by user asc

Once this is done you can click on the 'Test' button to make sure it's working correctly then click 'Ok' to save. Your final dataset should look something like this:

OzanOzen_1-1649250621866.jpeg

2. Create chart:

Goto Reports > Chart Library and create a new chart (don't use the wizard to create the chart).

Enter a name, select the dataset you created in step 1 and change the 'Only Show First' value to the amount of interfaces you want to show on the chart (in my example I'm showing 50).

Next go through each column and change the header and the display values to the following:

Column 1:
Header: User
Data Binding: user
Display: Icon-User

Column 2:
Header: App
Data Binding: appid
Display: Icon-Application
Merge Next: 1 columns
Merge Header: Video Name

Column 3:
Header: Video Name
Data Binding: filename
Display: Text

Column 4:
Header: Filesize
DataBinding: filesize
Display: Bandwidth (KB/MB/GB)

Click 'Ok' to save. Your end chart should look like this:

 

OzanOzen_2-1649250661047.jpeg

3. Create report:

Right-click on the Report section and select 'Create New'

OzanOzen_3-1649250679729.png

From here give your report a name and save.

Now click on 'Layout' to configure the chart to be run in the report.

Once here click on the 'FortiAnalyzer Chart' icon that's circled below.

OzanOzen_4-1649250697659.jpeg

On the Chart Properties screen select the Chart name that we created earlier (in this example youtube-videos-by-user) and give the chart a title like 'YouTube Videos'. Click OK to save.

OzanOzen_5-1649250716680.jpeg

Your final layout should look like this:

OzanOzen_6-1649250733235.jpeg

Click 'Save' icon in the top left corner to save your changes then go back to 'View Report'. Once here click on 'Run Now' to run the report. Once the report is finished click it to open and view!

OzanOzen_7-1649250754762.jpeg

Best Regards,

 

Life is short