- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Disappointed ... reporting etc.
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Disappointed ... reporting etc.
Hi all,
I' m finding my new shiny Fortianalyser rather impenetrable. The default reports are worse than useless and I find myself really rather disappointed compared to a standard old syslog server!
I wonder whether some of the knowledgeable people here could answer a few questions?
- is it possible to just run SQL queries directly and receive the output ? (or does it have to be integrated into a chart/report etc.)
- is there a guide to using SQL on the Fortianalyzer somewhere?
- is there a schema somewhere to know what columns I might even use?
Sort of questions I want to answer are...
- which user accessed a specific/host/ip address and when
- what traffic is being exchanged between specific ip addresses
etc. etc.
I' m sure there will be more :-)
Thanks,
Jon
- « Previous
- Next »
24 REPLIES 24
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Fellows,
So desirable thread, I ended up with v5.0.7.
While the two-dimensional reports seem to be +/- under control, I wonder if more complex charts - similar to what I' ve seen in my Fortigate (local reports of users detailed activity) or what can be achieved through a drill-down can be obtained.
Now we can have a report based on predefined charts:
Top Users by Sessions
Top Destination by Sessions
Top Applications by Sessions
Sometimes a report combining at least two, maybe three of the above charts would be handy:
Top User 1 by sessions
-Top Dst IP 1 (for User 1) by sessions
--Top Application 1 (for User 1 and Dst IP 1) by sessions
--Top Application 2 (for User 1 and Dst IP 1) by sessions
--Top Application N (for User 1 and Dst IP 1) by sessions
-Top Dst IP 2 (for User 1)
....
Do you believe it' s doable at all?
Thank you,
Rafal
FCNSP 4.x running FortiOS 5.0.4 on FG621B A-A HA
FCNSP 4.x running FortiOS 5.0.4 on FG621B A-A HA
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
if I backup my reports will my output profiles also be be backed up and replaced?Long story short, not with my experience. When we went to 5.0.6, we had to recreate all output profiles.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had to recreate / clone 400 + reports and 400 + output profiles because migrating from 4.3.8 to 5.0.6 did not support the output profiles and reports are done entirely different now. I painfully made it through that and everything seemed to be working fine but then I upgraded to 5.0.7 and now my reports are not working....sigh... Anyway my question if anyone knows is: if I backup my reports will my output profiles also be be backed up and replaced? I think I' m going to need to flash and reinstall 5.0.7 but I am afraid I will lose all my work in reports and output profiles...
Richard
Richard
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am also very disappointed with my FAZ. The reporting is not useful. I have been trying forever to get answers about some of it.
For example, we frequently get requests from managers for an employee' s web browsing history for the past month. I have that some of those
reports appear to be incriminating when in fact they are not. Let' s say that I give a manger a report that says the user visited Facebook or made an attempt to
go to Facebook when in fact, they may have browsed a site that had a link to some Facebook
material. So now you have an employee that cant explain to their manager why that is on their report and managers that are not educated enough to know how that can happen.
In my environment, there needs to be a way to differentiate between things like that. We are a county government and things like that can get a person disciplined or worse.
The closest thing, I have ever seen to that was when in the reports, you could specify " Web Clicks Only" which was determined by the amount of time spent there. Now I guess there is nothing.
If there is something like that, I would love to know about it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi jrpayne,
You have a very valid use case there. It might be good for you to start a new thread just focusing on how to improve the web browsing report.
In my opinion, this thread is getting too long, touches many issues and it has lost its focus.
LC
Ling Lu
- « Previous
- Next »
Related Posts
- Can the log report be automated? 83 Views
- Resolve FortiGate Connectivity Issue Same As... 72 Views
- FAZ 200F SSL VPN login fail... 81 Views
- Geo location issue - Internal server... 210 Views
- Blocks ICMP Error Reporting Packets 218 Views
Labels
-
FortiGate
6,574 -
FortiClient
1,308 -
5.2
801 -
5.4
639 -
FortiManager
568 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
338 -
FortiAP
336 -
FortiClient EMS
267 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
61 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
25 -
Firewall policy
24 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
15 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
Virtual IP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
fortilink
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SSO
6 -
Traffic shaping policy
5 -
SNMP
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Web profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.