Hi dear All,
I have 13 Fortigate devices and one upgraded FortiAnalyzer 1000C v5.4.3-build1187 170518 (GA) in production. I have one Fortigate 1000C v5.4.3,build1111 (GA), some Fortigate 60D and 60C devices running FortiOS 5.0.x and 5.2.x, and I also have 60E devices running FortiOS 5.4.x. All those firewalls send logs to the FortiAnalyzer for reporting. After upgrading my FortiAnalyzer, I am no longer able to get some Web Filtering reports such as:
- Top 20 Most Active Users
- Top 10 Online Users
- Top Web Users by Browsing Time
- Top 50 Sites By Browsing Time
- Top 20 Most Visited Categories
- Top 10 Categories
- Browsing Time Summary
For all these reports I get the same error message "No matching log data for this report". I am really frustrated and don't understand why I am no longer able to get these reports after upgrading the FortiAnalyzer. I rebuilt the Analyzer SQL database but there are still no such reports.
LOG SETTINGS OF FGT60D v5.0,build0292 (GA Patch 9)
config log setting
    set brief-traffic-format disable
    set daemon-log disable
    set fwpolicy-implicit-log disable
    set fwpolicy6-implicit-log disable
    set gui-location fortianalyzer
    set local-in-allow enable
    set local-in-deny enable
    set local-out enable
    set log-invalid-packet disable
    set log-user-in-upper disable
    set neighbor-event disable
    set resolve-apps enable
    set resolve-hosts enable
    set resolve-ip disable
    set resolve-port enable
    set user-anonymize disable
end
Any idea? Please help me understand and fix this issue!
Andrei.
Hi Andrei,
Please check if you can see web filter logs under Log View -> Security -> Web Filter.
If there are no logs there, please check the web filter profile on the FGT: enable "FortiGuard Categories" and change "Allow" to "Monitor".
Regards,
hz
Hi Hz,
Thanks for your advice. I can see Web Filter logs in the FAZ 1000C device and I have already changed "Allow" to "Monitor" in the Web Filter Profile. What I don't understand is the fact that with FAZ 1000C v5.0, I could get charts like Top Users and Top Websites by Browsing Time with only the "Allow" option enabled instead of "Monitor". Now, after upgrading the FAZ 1000C to FortiOS 5.4, it is no longer giving such details.
Do you know how much time it will take for these changes to be reflected in the Web Filter charts?
Hi Andrei,
I have to check log files on your FAZ. Could you please open a FortiCare ticket and post the ticket number here? I will follow that ticket.
Regards,
HZ
Hi dear HZ,
Thanks for your help, it took some time but now I am able to get the Web Filtering details I want.
Hi,
I am facing a similar issue with a customer. Not all reports are generating logs and webfilters are either set to block or to monitor. Did you just have to wait for a long while after performing the upgrade of your analyzer or did you actually make some changes?
v/r,
Tvd