I would like to create a custom report showing the application being blocked on our FortiClients.
Our Forticlients are successfully uploading their logs to the FortiAnalyzer.
FortiView/Security/FortiClient/Traffic log shows application name in the Security Event List field.
However I do not know how to add that information to a dataset.
I found a canned dataset "fct-Application-Firewall" that shows the appfirewall blocks, but it does not include the application name. I am not sure how to add the application name to this dataset.
fct-Application-Firewall
Log type:
FortiClient traffic
Query:
select srcname, hostname, coalesce(nullifna(`user`), 'Unknown') as hostuser, utmaction from $log where $filter and lower(utmevent)='appfirewall' group by srcname, hostname, hostuser, utmaction
FortiAnalyzer 400C ver 5.2.7
Any assistance is appreciated.
thanks
Dave
Hi there,
The application name is recorded in the "threat" field of the FortiClient traffic log, so the dataset will be:
select srcname, threat as app, hostname, coalesce(nullifna(`user`), 'Unknown') as hostuser, utmaction from $log where $filter and lower(utmevent)='appfirewall' group by srcname, threat, hostname, hostuser, utmaction
Regards,
hz
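As an added example (not part of the reply above or of any Fortinet-supplied dataset), the same query can be extended with a per-group count and an ordering so the report ranks the applications that are blocked most often on each host. It assumes, as the reply states, that the FortiClient traffic log's "threat" field carries the application name, and that $log and $filter are the FortiAnalyzer dataset macros already used in the canned query; the column alias "events" and the row limit are choices made for this example.

```sql
-- Added example, not the canned fct-Application-Firewall dataset.
-- Counts appfirewall events per application, host, user and action
-- so the report can be sorted by the most frequently blocked apps.
-- Assumption: 'threat' holds the application name (per the reply above).
select
  srcname,
  threat as app,
  hostname,
  coalesce(nullifna(`user`), 'Unknown') as hostuser,
  utmaction,
  count(*) as events
from $log
where $filter
  and lower(utmevent)='appfirewall'
group by srcname, threat, hostname, hostuser, utmaction
order by events desc
limit 50
```

When building the chart for this dataset, map the "app" and "events" columns to the category and value axes; if the dataset editor rejects the leading comment lines, remove them and keep only the select statement.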
That did the trick, it works now.
Thanks.
I did not see a "threat" field in the FortiOS log reference document.
Is there a different log reference document for FortiClient?
If so could you please point me in the right direction?
thanks again.
Dave