Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Deftone
New Contributor

Created on ‎09-29-2016 07:37 AM

Report src - dst per policy

Hi,

I'm trying to make a datasheet to create reports showing source, destination and policyid per policy. What I made does not work as expected.. Is there someone that can provide me with the right script. What I tried:

 

select `srcip`, sum(coalesce(`rcvdbyte`,0)) as received_bytes from $log where $filter and (ipstr(`srcip`)='') group by `srcip` order by policyid

 

Thanks

4415
0 Kudos
6 REPLIES 6
hzhao_FTNT
Staff
Staff

Created on ‎09-29-2016 08:23 AM

Hi there, try below dataset:

log type=traffic

select srcip,  dstip, policyid, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth from $log where $filter and logid_to_int(logid) not in (4, 7, 14) group by srcip,  dstip, policyid order by bandwidth desc

2186
0 Kudos
Deftone
New Contributor
In response to hzhao_FTNT

Created on ‎09-30-2016 01:55 AM

Yess thank you... Now I'm seeing source and destinations with right policyid's 

Just one more question..IS it also possible to create Datasheet per policy id...

Something like show srcip, dstip in policyid 111 order by bandwidth ?

2186
0 Kudos
hzhao_FTNT
Staff
Staff
In response to Deftone

Created on ‎09-30-2016 08:28 AM

Are you looking for a drill down chart? Currently our drilldown chart support up to 3 columns, so we have to put srcip and dstip into a combined column.

 

dataset as below:

log type traffic

select policyid, ipstr(srcip) || ' | ' || ipstr(dstip) as src_dst_ip, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth from $log where $filter and logid_to_int(logid) not in (4, 7, 14) group by src_dst_ip, policyid order by bandwidth desc

 

chart setting as below:

chart type: table

table type: drilldown

column 1: policyid

column 2: src_dst_ip

column 3: bandwidth

 

add this chart into report and run this report.

 

regards,

hz

 

2186
0 Kudos
Deftone
New Contributor
In response to hzhao_FTNT

Created on ‎10-11-2016 08:12 AM

Thanks for al the reply's. I was away so cloud not anwser directly.

I did all above and the only thing I'm missing is that I want create report based on policyid

 

So let assume I have policy id 300. What I want is a chart that show me srcip, dstip order by bandwidth in policyid 300.

As for now I'm getting to much information on my report

2186
0 Kudos
hzhao_FTNT
Staff
Staff
In response to Deftone

Created on ‎10-11-2016 09:14 AM

You can apply a report filter under report settings: policyid=300

2186
0 Kudos
Deftone
New Contributor
In response to hzhao_FTNT

Created on ‎10-19-2016 07:39 AM

Thank you very much... It works like charm 

2186
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.