Dataset: query license details

Ernie · ‎01-27-2025

Hi Community,

In FortiAnalyzer: is it possible to generate a report that shows me license information from for example FortiGate using a custom dataset? Info like "about to expire licenses" from all FortiGate devices.

Also things like you can get from "diagnose autoupdate ver", for example "Last Updated":

<snip>

Flow-based Virus Definitions
---------
Version: 93.00577 signed
Contract Expiry Date: Sun Dec 28 2025
Last Updated using scheduled update on Mon Jan 27 17:12:27 2025
Last Update Attempt: Mon Jan 27 17:42:10 2025
Result: No Updates

<snip>

AEK · ‎01-27-2025

Hi Ernie

You can go to Log View > FortiGate > Event > System, then filter on the desired message, like Message = *update*, or Log Description = *license* (you can filter by right click on the related message), then on the tools menu (top-right), click Chart Builder and make your own chart, then use it in your report.

Hope it helps.

AEK

View solution in original post

AEK · ‎01-27-2025

Hi Ernie

You can go to Log View > FortiGate > Event > System, then filter on the desired message, like Message = *update*, or Log Description = *license* (you can filter by right click on the related message), then on the tools menu (top-right), click Chart Builder and make your own chart, then use it in your report.

Hope it helps.

AEK

Ernie · ‎01-28-2025

Hi AEK,

Excellent, thanks! That's a very good approach on getting the actual SQL query! :)

I do get some "SQL query is forbidden." in certain queries, not sure why. For example my query in Chart Builder is:

select `level`, `devid`, `devname` from $log where $filter and ( ( ( lower(trim(`msg`)) = lower('FortiSandbox AV database updated'))))

Update: In Log View I entered: msg="FortiSandbox AV database updated"

Update 2: Seems to be version related, a newer version didn't have this issue.

Dataset: query license details

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website