- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Creating new FortiAnalyzer Reports???
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Creating new FortiAnalyzer Reports???
Forgive me but I' m new to FortiAnalyzer reporting. My manager has asked me to create a weekly report with all of our VPN users activity. The report activity specifically is username, source IP address, connection start time, connection stop time, & total duration. None of the " template" reports will do this for me. The real problem here is creating the initial dataset. Since I' m new, I don' t know how the SQL tables work. I haven' t been able to get the help I need from Fortinet support.
My first question would be how to output the list of SQL tables from the CLI. Second, how to put these datasets together. Third, are there any resources available for developing reports without attending formal training?
We are currently running v5.0.2. Any help would be MOST appreciated.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' ll take a shot at this since no one else has responded yet.
Caveat -- I have limited experience in this area. Just giving you my best guess.
My recent discussions with Fortinet led me to believe that FortiAnalyzer is not ready with 5.0.2. There are still a lot of issues with it. My rep is not recommending deployment until 5.0.3 which is due out in May/June time frame.
FortiCloud is the recommended interim solution. It can process 1GB of log data for free, so that might be enough for you to determine if it will do what you want.
That said, I' ve played around with SQL tables in FortiAnalyzer 4.3 which is vaguely similar to what' s available in 5.0.2. VPN information is stored in the Event Log. It records a VPN login event and a separate logout event. It would take some SQL wizardry to correlate the two events and calculate the total session time.
The docs for FortiAnalyzer 4.3 contain the table and field names. I am guessing that most of the fields are similar. If you take a look at that, you might be able to cobble together a SQL statement that would give you some of what you' re asking for
Fortinet is aware that the Fortianalyzer is missing some basic reports. What you are asking for is not very unusual and the device should be able to provide that. It' s possible that something like that could be included in 5.0.3.
ORIGINAL: Stevomillan Forgive me but I' m new to FortiAnalyzer reporting. My manager has asked me to create a weekly report with all of our VPN users activity. The report activity specifically is username, source IP address, connection start time, connection stop time, & total duration. None of the " template" reports will do this for me. The real problem here is creating the initial dataset. Since I' m new, I don' t know how the SQL tables work. I haven' t been able to get the help I need from Fortinet support. My first question would be how to output the list of SQL tables from the CLI. Second, how to put these datasets together. Third, are there any resources available for developing reports without attending formal training? We are currently running v5.0.2. Any help would be MOST appreciated.
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply. I' ve seen some of the documentation on v4.0. The data map is really what I' m looking for because as soon as I get that I can start building queries. Is there a command that I can run from the command line that will output the SQL tables?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I don' t believe there' s a CLI command to dump the SQL structure.
Appendix C of the FAZ v4.0 MR3 Administration guide has a decent dump and explanation of the fields. I am not sure why they left this out of the 5.0 admin guide.
If you want to take it to the next step, you could install your own mySQL server and setup a remote database for log storage. That would give you a way to see the files directly.
If you' re not familiar with mySQL setup, Lynda.com has a good tutorial on setting it up in a VM here:
http://www.lynda.com/PHP-tutorials/Up-Running-Linux-PHP-Developers/101840-2.html
P.S. Just found this tech doc with more info on fields available, albeit for 4.0 MR2. It' s at least a start.
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=fortianalyzer-for...
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi i have a client that would like a fortinet report that includes everything. meaning VPN, 360, application usage, web usages, cyber threat assessment, data loss prevention, high bandwidth application usage.
is it possible to include this on one single report as to send the client multiple reports on all the above.
i will appreciate your feedback on this
Related Posts
Labels
-
FortiGate
6,588 -
FortiClient
1,312 -
5.2
801 -
5.4
639 -
FortiManager
570 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
338 -
FortiAP
337 -
FortiClient EMS
268 -
6.2
251 -
FortiMail
246 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
62 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
26 -
Firewall policy
25 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
LDAP
11 -
VDOM
11 -
Logging
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SSO
6 -
Application control
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
SNMP
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.