I can certainly help with that!
Let me clarify that referral link tracking is not 100% accurate and requires reporting on extended web filter logs, rather than the unified traffic log.
Now, about your requirements.
scerazy: top 50 users in the last 24 hours is one, first chart. do you want the top 50 users in terms of bandwidth consumed, session count, or perhaps block rate? or all of those as 3 separate subsequent charts?
Then you want blocked and allowed. We have 2 engines that probably concern you here: app control and web filter. What would you like those charts to look like? I can build anything really, but I am trying to find out what piece of data you would like. For instance:
Chart 1: Allowed Websites by Bandwidth
Chart 2: Allowed Websites by Hits
Chart 3: Blocked Websites by Hits
Then we repeat the same story for applications.
When you filter this report by user, it will show that user' s top resource consumption. Without a user selected, we will show global data.
I want to make sure we differentiate this from an investigative report which would include timestamps. When we do include timestamps, we will get one entry for each hit which results in very long datasets. I can definitely include this in the report, but it will have limited value when you do not filter the report (that is, if we are not hit with a bug).
I' ll work on something for you, but if you have any precisions to offer by all means please do!
--
Mathieu Nantel
Systems Engineer / Conseiller Technique - Fortinet
Montreal, QC