Hello,
For reference I am using FortiAnalyzer-VM64
Essentially, I have been able to create a custom query for the web filter log to retrieve counts of source IP addresses, and display the top 15 highest occurring results. From this dataset I was able to create automatic email alerts using the reporting system, however instead of a PDF attachment I would like the results from the query to be displayed as plain text in the email message.
Is there any way for me to get the results of my query to be raw text in an automatic email alert? When our mail server receives the email it automatically parses the message for the relevant information, however this is not possible if the message is a PDF attachment in a report format.
Thanks for your help
Hi there,
Unfortunately we do not offer plain text in email output
On FAZ 5.4, you can choose PDF/HTML/XML/CSV
On FAZ 5.2, you can choose PDF/HTML, the html report is in a zipped folder.
Regards,
hz
Thanks for the answer.
However, whenever I select HTML in the output profile, the email never gets sent. It only seems to work for PDF.
Is there a way to get the HTML file sent through email? As you suggested I would expect it as a zip attachment.
Thanks
The HTML report could be blocked by mail server because it contains some JS files, please check with your mail server admin and ask him to give you an exception.
regards,hz
Thanks for the reply, I will check with the server admin.
In the meantime is there ANY way to get text based email output from a custom query as described above? (API, or another Forti feature)
Receiving PDF/HTML attachments and then having to run a script just to parse out the information I need seems to be counter productive for what I am trying to do.
Thanks for you help
Currently no way to support text based email output, I will ask if we can add this feature in the future
For now, we have a CLI to display report data:
exe sql-report view report-data <ADOM-Name> <Report-Name>
There is another XML API: getFazGeneratedReport, which will retrieve base64 encoded zipped PDF report
Hi fmoh,
How do you create a custom query for the web filter log to retrieve counts of source IP addresses and display the top 15 highest occurring results? I was wondering if you can share that query info? Thank you!
Hey rhap,
I'm not fmoh, but I do have some experience with FortiAnalyzer datasets :).
The query would look something like this:
select count(srcip) as source
from $log
where $filter
group by srcip limit 15
When creating the dataset, set Log Type to 'Web Filter':
Then map the dataset to a chart, and add that chart to a report :)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.