ZiPPy
New Contributor

Printing Logs from the 400

Hello everybody!! I am so glad that I found the forums for Fortinet equipment!! I look forward to talking with you all on the forums. I am currently having some trouble printing out my logs from the FortiAnalyzer 400. I go to Log > Browse > Printable Version to generate a report. The browser will then bring up a window saying PRINTABLE_REPORT.html. When I attempt to open up the file, I only see the headers, which explains why the file size is only 2kb. What am I doing wrong? Cheers, ZiPPy
rwpatterson
Valued Contributor III

Are the reports being populated? If the reports are empty, then you have to configure the attached Fortigates to get the data to the FAZ. Check that first, then reply here. Welcome, by the way!

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

ZiPPy
New Contributor

I believe they are, I see 1 of 64 at the top. I have opened the saved document in a program called Scite, which basically opens the contents of the .html or .xml file. Before I could only see the <html> tag and <body> tag and they were empty, which basically shows there is no data. But now when I open the file I get a bunch of data in .html code. This is simply just to prove it was actually pulling data. Am I supposed to be opening the file with a browser? When I try that I receive the following error, which I believe is caused by not having the correct extension installed. Error Message: XML Parsing Error: mismatched tag. Expected: </meta>. Location: file:///E:/Documents%20and%20Settings/Allenh/Local%20Settings/Temp/Printable_Report.html.xml Line Number 7, Column 3:</head> --^ I might be all over the board on this one, but I just wanted to give as much information as I could. Thanks for the help Cheers, ZiPPy
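
The browser error quoted in the post above is what an XML parser reports when it is handed ordinary HTML containing an unclosed <meta> tag (note the temp file name ends in .html.xml). As an added example, not part of the original thread or of any Fortinet tool, this Python code reproduces that error on a constructed report and then reads the same text with a lenient HTML parser; SAMPLE_REPORT, its columns and its addresses are made up for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Constructed sample (values made up): valid HTML, but the unclosed <meta>
# makes it ill-formed XML, as in the browser error quoted above.
SAMPLE_REPORT = """<html>
<head>
<meta http-equiv="Content-Type" content="text/html">
</head>
<body><table>
<tr><th>Source</th><th>Destination</th><th>URL</th></tr>
<tr><td>192.0.2.10</td><td>198.51.100.7</td><td>example.com/index.html</td></tr>
<tr><td>192.0.2.11</td><td>198.51.100.9</td><td>example.org/news</td></tr>
</table></body>
</html>
"""

def xml_parse_error(text):
    """Return (line, message) if text is not well-formed XML, else None."""
    try:
        ET.fromstring(text)
    except ET.ParseError as exc:
        return exc.position[0], str(exc)
    return None

class TableRows(HTMLParser):
    """Collect cell text from <th>/<td>, one list per <tr>."""
    def __init__(self):
        super().__init__()
        self.rows, self._cell = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self.rows.append([])
        elif tag in ("td", "th") and self.rows:
            self._cell = []
    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)
    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self.rows[-1].append("".join(self._cell).strip())
            self._cell = None

def html_rows(text):
    """Parse leniently as HTML and return the table rows."""
    parser = TableRows()
    parser.feed(text)
    parser.close()
    return parser.rows
```

A strict XML parse stops at </head> because <meta> was never closed, while the HTML parse still returns every table row, so the data is in the file even though the browser shows only an error.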
rwpatterson
Valued Contributor III

When you open the interface to scan the reports, on the right of each report is a link that will open said report in each defined format. (PDF, HTML, text, etc.) If you click on any of those links to view the report, does it give you more than just the headings? If all you get is the headings, then the FGT is not providing the correct information to the FAZ, and your reports will be blank. If you see data in there (IP addresses, messages, whatever you wanted), then we have to search for the answer elsewhere. Check from the GUI interface and let us out here know if you're truly pulling in data.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

ZiPPy
New Contributor

I am currently going to Log > Browse > wlog.log > then I click on Display. The log browser will then show Last Activity, Source, Destination, Hostname, URL, Message. At the top right next to the go button, there is a printable version button. I click that to generate a report. Then I get what I was saying in the previous post, with the .html file. Am I obtaining the logs from my network incorrectly? Is there another method or path I should take to obtain them? Because I noticed there are a few ways to get reports, such as tlog.log, wlog.log, elog.log. I have a feeling I have not 100% correctly configured my FortiAnalyzer. Is there a way I can step through it all to verify it's all set up correctly? Thanks for all the help!! Cheers, ZiPPy
rwpatterson
Valued Contributor III

The logs contain the data sent to the FAZ from the FGTs. Looking at these individually is kind of useless. FYI, the log types are:
  • clog = Content log
  • wlog = Web Filter log
  • ilog = IM log
  • tlog = Traffic log
  • alog = Attack log
  • elog = Event log
  • vlog = Anti Virus log

Where you need to be is in the report section. The reports are generated from the contents of these log files. In the config section, you specify the parameters for the reports. You have a very high level of granularity to choose what you need to report on. In 'Report Browse' is where I was referring to the link where you can see the contents of the reports. Create a report, and run it. Choose everything, and specify, for example, a single day. When the report is generated, you'll then see it in 'Report Browse'. Then you'll see how the scope fits in, and you'll then be able to make it closer to what you want. It does take some time to get the hang of it, but once you do, you'll be able to find what single IP browsed out to what web site, on a specific day, and how much filtered content was blocked. It's really pretty good.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

ZiPPy
New Contributor

This is totally what I am looking for and what I had in mind when I installed the FortiAnalyzer. Thank you so much!!! My next step is to learn how to view single IP address history. Will the URL print out be different from the ones I was looking at, the wlog.log file? Thanks again for the help, it is VERY much appreciated!! Cheers,
rwpatterson
Valued Contributor III

The printout will be a bit different, but have the same information with some snazzy headings and stuff, if you like. As I said before, you define what you wish to see. The only real drawback is that most entries are by IP address, not by name (as in local login, or LDAP, IAS, AD authentication). Many people have complained about that 'weakness'.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

ZiPPy
New Contributor

Ya, I can see why so many people would want that feature. Is that something that might be implemented down the line or is it a difficult task to process?
rwpatterson
Valued Contributor III

Not being a programmer, I have no idea of the level of difficulty involved.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
