Hi everyone,
I'm using a FortiAnalyzer on 5.2.10. I need a report I can schedule to email out that shows all session timeouts for the previous day, showing source IP, destination IP, and application or destination port. It would be nice if I could see the session duration, source user, and filter by application / destination port, but those are not necessary.
I know enough about the FAZ to make new reports and layouts, and I poke around in charts some, but I'm clueless when it comes to creating datasets. I've not been able to find a pre-configured dataset to support that kind of report, and I'm hoping that someone on here might help me with that.
Thanks for your time.
Friendly bump :)
Could you post a sample log with a session timeout?
Try the dataset below:
log type: traffic
select from_itime(itime) as timestamp, srcip, coalesce(nullifna(`user`), nullifna(`unauthuser`)) as user_src, dstip, dstport, app from $log where $filter and logid_to_int(logid) not in (4, 7, 14) and action='timeout' group by itime, srcip, user_src, dstip, dstport, app order by itime desc
Then create a table chart based on this dataset and add it into a report.
For "the previous day", set the report time period to "Yesterday". To filter by application / destination port, you can specify this in the report settings with app "equal to" and dstport "equal to".
Regards,
hz
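
Added example, not part of the original thread and not Fortinet code: a Python sketch that applies the same selection logic as the dataset above to exported key=value traffic logs, useful for cross-checking the report against raw logs. The sample lines are constructed, and the behaviour of logid_to_int() (numeric message ID from the last six digits) and the UTC timestamp format are assumptions.

```python
import shlex
from datetime import datetime, timezone

# Constructed sample lines in FortiGate-style key=value format (not real logs).
SAMPLE_LOGS = """\
itime=1700000000 logid="0000000013" type="traffic" srcip=10.1.1.10 dstip=192.0.2.20 dstport=443 action="timeout" app="HTTPS" user="alice" unauthuser="N/A"
itime=1700000060 logid="0000000013" type="traffic" srcip=10.1.1.11 dstip=192.0.2.21 dstport=22 action="close" app="SSH" user="bob"
itime=1700000120 logid="0000000014" type="traffic" srcip=10.1.1.12 dstip=192.0.2.22 dstport=53 action="timeout" app="DNS"
itime=1700000180 logid="0000000013" type="traffic" srcip=10.1.1.13 dstip=192.0.2.23 dstport=3389 action="timeout" app="RDP" user="N/A" unauthuser="carol"
"""

EXCLUDED_LOGIDS = {4, 7, 14}  # same list as the dataset's "not in (4, 7, 14)"


def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def nullifna(value):
    """Mimic nullifna(): a missing, 'N/A' or 'n/a' value counts as absent."""
    return None if value in (None, "N/A", "n/a") else value


def timeout_sessions(text, app=None, dstport=None):
    """Return timed-out sessions, newest first, with optional app/dstport filters."""
    rows = set()  # a set plays the role of GROUP BY over every selected column
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_line(line)
        # Assumption: logid_to_int() is the numeric message ID (last 6 digits).
        if int(rec.get("logid", "0")[-6:]) in EXCLUDED_LOGIDS:
            continue
        if rec.get("action") != "timeout":
            continue
        if app is not None and rec.get("app") != app:
            continue
        if dstport is not None and int(rec["dstport"]) != dstport:
            continue
        # coalesce(nullifna(user), nullifna(unauthuser))
        user_src = nullifna(rec.get("user")) or nullifna(rec.get("unauthuser"))
        rows.add((int(rec["itime"]), rec["srcip"], user_src,
                  rec["dstip"], int(rec["dstport"]), rec.get("app")))
    ordered = sorted(rows, key=lambda r: r[0], reverse=True)  # order by itime desc
    return [(datetime.fromtimestamp(r[0], timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),)
            + r[1:] for r in ordered]


if __name__ == "__main__":
    for row in timeout_sessions(SAMPLE_LOGS):
        print(row)
```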