Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
cjackson_ncl
New Contributor III

Created on ‎05-22-2024 02:49 AM

FortiAnalyzer 7.4.3 User Detailed Browsing Log report not returning all results for a user

Hello,

 

Has anyone come across issues with the User Detailed Browsing Log report not returning the expected number of web results for a user.

 

For example, when looking the the webfilter log over a period of 30 days for one user, it returns over 3000 results, yet the User Detailed Browsing Log report for the same period only returns 206 results.

 

Another example is another user in the webfilter log over a period of 30 days will return nearly 20000 results, but just over 3000 in the User Detailed Browsing Log for the same period.

 

It's far to inconsistent to be a limitation on the number of results being returned, so was wondering if anyone else had, or has, the same problem.

 

Regards,

 

Chris

NSE4
NSE4
Labels:
1286
0 Kudos
3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Created on ‎05-26-2024 09:21 PM

Hello Chris,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
1230
Debbie_FTNT
Staff
Staff

Created on ‎05-27-2024 12:30 AM

Hey cjackson,

 

my first guess would be that the underlying database queries for the detailed browsing log vs the webfilter log differ - there might be additional filters in the detailed browsing report (like only including logs with a destination hostname, or a specific webfilter action).

Are you using the inbuilt charts/reports, or did you modify them?

Are you comfortable with SQL? If yes, you can check details as follows:

-> go into the Detailed Browsing Report, into Layout

-> select 'edit' on the chart, and note the name

-> go to Chart Library, edit the chart, and note the dataset name

-> go to Datasets, find the dataset, and view it

-> check the 'where $filter and [...]' clause; $filter is a placeholder for the chart/report filters, such as timerange, devices, VDOM, and anything following after would be inbuilt filters. Those would restrict what logs count for the dataset (and thus chart/report) and could explain the difference.

 

Cheers,

Debbie

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
1212
cjackson_ncl
New Contributor III
In response to Debbie_FTNT

Created on ‎05-29-2024 07:53 AM

Thank you Debbie,

 

Yes it is the inbuilt report and I have had mixed results with it over the years with different firmware versions. I will do as you suggested and check the SQL syntax within the dataset. Thanks again for your suggestion.

NSE4
NSE4
1151
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.