Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Some Category Logs Does Not Include "Ebtime"
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Some Category Logs Does Not Include "Ebtime"
Hello,
I've been trying to report on how much time my users spend in the 'Streaming Media and Download' category on FortiAnalyzer for a while. I noticed that the reports I created weren't working correctly, so I started to dig deeper into the issue.
According to my findings, the main source of the problem is that the 'ebtime' parameter is missing in the raw logs for some categories.
The 'Streaming Media and Download' category is one of them. Since the 'ebtime' parameter is not present in the log, 'FAZ' cannot calculate the 'Estimated Browsing Time' value for these categories.
How can I solve this issue? How can I ensure that the 'ebtime' parameter is included in these categories?
The traffic logs of the 'Streaming Media and Download' category that do not contain the 'ebtime' parameter;
date="2024-08-29" time="14:40:17" id=7408525277996777492 bid=39320003 dvid=1064 itime=1724931709 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type="traffic" subtype="forward" level="notice" action="close" utmaction="allow" policyid=535 sessionid=2732882371 srcip="mysrcip" dstip="216.58.212.46" transip="mywanip" srcport=59019 dstport=443 transport=59019 trandisp="snat" duration=425 proto=6 sentbyte=48830 rcvdbyte=1042387 sentdelta=156 rcvddelta=205 sentpkt=245 rcvdpkt=758 logid="0000000013" user="myuser" unauthuser="myuser" srcname="myuser" service="HTTPS" app="YouTube" appcat="Video/Audio" srcintfrole="lan" dstintfrole="wan" srcserver=0 appid=31077 apprisk="elevated" policytype="policy" eventtime=1724931617061381584 wanin=1022036 wanout=36082 lanin=21642 lanout=1011959 countapp=13 countweb=11 srcuuid="6ae3d388-0ed2-51eb-1f85-7f175ff39911" dstuuid="fcd1923c-1b42-51ea-0953-c61a253a3d3c" poluuid="2ed7365c-651b-51ef-aaf8-77377b07a57c" srcmac="30:05:05:0e:b8:bb" mastersrcmac="30:05:05:0e:b8:bb" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="United States" srcintf="Personel-Vlan" dstintf="wan1" unauthusersource="kerberos" authserver="ad" applist="Company_Genel" hostname="www.youtube.com" catdesc="Streaming Media and Download" dstowner="google.com" saasinfo="{0,10,0}" apps="{YouTube_Video.Embedded,YouTube,SSL}" tz="+0300" devid="FG100FTK21051814" vd="root" devname="MERKEZ-FGT100F" utmref="RAAAgAAEAAAB0FACAAH1e0GZ9XtBm"
date="2024-08-29" time="14:28:29" id=7408522232864964796 bid=39319492 dvid=1064 itime=1724931000 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type="traffic" subtype="forward" level="notice" action="close" utmaction="allow" policyid=535 sessionid=2732178671 srcip="mysrcip" dstip="142.251.141.46" transip="mywanip" srcport=57657 dstport=443 transport=57657 trandisp="snat" duration=3281 proto=6 sentbyte=2933940 rcvdbyte=3160776 sentdelta=104 rcvddelta=257 sentpkt=4128 rcvdpkt=5756 logid="0000000013" user="myuser" unauthuser="myuser" srcname="myuser" service="HTTPS" app="YouTube_Video.Access" appcat="Video/Audio" srcintfrole="lan" dstintfrole="wan" srcserver=0 appid=16420 apprisk="elevated" policytype="policy" eventtime=1724930908941382109 wanin=2780732 wanout=2719264 lanin=2707970 lanout=2928607 countapp=559 countweb=539 srcuuid="6ae3d388-0ed2-51eb-1f85-7f175ff39911" dstuuid="fcd1923c-1b42-51ea-0953-c61a253a3d3c" poluuid="2ed7365c-651b-51ef-aaf8-77377b07a57c" srcmac="30:05:05:0e:b8:bb" mastersrcmac="30:05:05:0e:b8:bb" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="United States" srcintf="Personel-Vlan" dstintf="wan1" unauthusersource="kerberos" authserver="ad" applist="Company_Genel" hostname="www.youtube.com" catdesc="Streaming Media and Download" dstowner="google.com" saasinfo="{10,10,10,0}" clouduser="mysrcip" apps="{YouTube_Channel.ID,YouTube_Video.Access,YouTube,SSL}" tz="+0300" devid="FG100FTK21051814" vd="root" devname="MERKEZ-FGT100F" utmref="RAAAgAAEAAAB0vACAALhb0Ga4W9Bm"
date="2024-08-29" time="14:27:59" id=7408522108310913175 bid=39319470 dvid=1064 itime=1724930971 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type="traffic" subtype="forward" level="notice" action="close" utmaction="allow" policyid=535 sessionid=2732772510 srcip="mysrcip" dstip="172.217.169.142" transip="mywanip" srcport=58837 dstport=443 transport=58837 trandisp="snat" duration=241 proto=6 sentbyte=3913 rcvdbyte=4160 sentdelta=104 rcvddelta=309 sentpkt=14 rcvdpkt=23 logid="0000000013" user="myuser" unauthuser="myuser" srcname="myuser" service="HTTPS" app="YouTube" appcat="Video/Audio" srcintfrole="lan" dstintfrole="wan" srcserver=0 appid=31077 apprisk="elevated" policytype="policy" eventtime=1724930879531386029 wanin=2897 wanout=3177 lanin=4988 lanout=3168 countapp=3 countweb=1 srcuuid="6ae3d388-0ed2-51eb-1f85-7f175ff39911" dstuuid="fcd1923c-1b42-51ea-0953-c61a253a3d3c" poluuid="2ed7365c-651b-51ef-aaf8-77377b07a57c" srcmac="30:05:05:0e:b8:bb" mastersrcmac="30:05:05:0e:b8:bb" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="United States" srcintf="Personel-Vlan" dstintf="wan1" unauthusersource="kerberos" authserver="ad" applist="Company_Genel" hostname="accounts.youtube.com" catdesc="Streaming Media and Download" dstowner="510" saasinfo="{10,0}" apps="{YouTube,SSL}" tz="+0300" devid="FG100FTK21051814" vd="root" devname="MERKEZ-FGT100F" utmref="BAYQAAAQAAAByiQCAAKla0GapWtBmd4gAgACpWtBmqVrQZnKHAIAAqVrQZqla0GZyfQCAAKla0GapWtBm"
date="2024-08-29" time="14:26:28" id=7408521717468889108 bid=39319406 dvid=1064 itime=1724930880 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type="traffic" subtype="forward" level="notice" action="close" utmaction="allow" policyid=535 sessionid=2732736865 srcip="mysrcip" dstip="176.235.75.18" transip="mywanip" srcport=58717 dstport=443 transport=58717 trandisp="snat" duration=332 proto=6 sentbyte=441023 rcvdbyte=34880727 sentdelta=188590 rcvddelta=9605191 sentpkt=3718 rcvdpkt=23528 logid="0000000013" user="myuser" unauthuser="myuser" srcname="myuser" service="HTTPS" app="YouTube_Video.Play" appcat="Video/Audio" srcintfrole="lan" dstintfrole="wan" srcserver=0 appid=38569 apprisk="elevated" policytype="policy" eventtime=1724930788241385570 wanin=33991095 wanout=247679 lanin=249467 lanout=33939571 countapp=65 countweb=63 srcuuid="6ae3d388-0ed2-51eb-1f85-7f175ff39911" dstuuid="fcd1923c-1b42-51ea-0953-c61a253a3d3c" poluuid="2ed7365c-651b-51ef-aaf8-77377b07a57c" srcmac="30:05:05:0e:b8:bb" mastersrcmac="30:05:05:0e:b8:bb" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Turkey" srcintf="Personel-Vlan" dstintf="wan1" unauthusersource="kerberos" authserver="ad" applist="Company_Genel" hostname="rr7---sn-u0g3jxaa-n5fe.googlevideo.com" catdesc="Streaming Media and Download" dstowner="google.com" saasinfo="{10,10,0}" apps="{YouTube_Video.Play,YouTube,SSL}" tz="+0300" devid="FG100FTK21051814" vd="root" devname="MERKEZ-FGT100F" utmref="RAAAgAAEAAAB0FACAAEBb0GZAW9Bm"
date="2024-08-29" time="14:20:57" id=7408520291539746979 bid=39319140 dvid=1064 itime=1724930548 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type="traffic" subtype="forward" level="notice" action="client-rst" utmaction="allow" policyid=535 sessionid=2732645134 srcip="mysrcip" dstip="176.235.75.13" transip="mywanip" srcport=58572 dstport=443 transport=58572 trandisp="snat" duration=472 proto=6 sentbyte=748677 rcvdbyte=48935738 sentdelta=52 rcvddelta=248 sentpkt=5972 rcvdpkt=33118 logid="0000000013" user="myuser" unauthuser="myuser" srcname="myuser" service="HTTPS" app="YouTube_Video.Play" appcat="Video/Audio" srcintfrole="lan" dstintfrole="wan" srcserver=0 appid=38569 apprisk="elevated" policytype="policy" eventtime=1724930456521388810 wanin=47686738 wanout=438125 lanin=439849 lanout=47608002 countapp=114 countweb=111 srcuuid="6ae3d388-0ed2-51eb-1f85-7f175ff39911" dstuuid="fcd1923c-1b42-51ea-0953-c61a253a3d3c" poluuid="2ed7365c-651b-51ef-aaf8-77377b07a57c" srcmac="30:05:05:0e:b8:bb" mastersrcmac="30:05:05:0e:b8:bb" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Turkey" srcintf="Personel-Vlan" dstintf="wan1" unauthusersource="kerberos" authserver="ad" applist="Company_Genel" hostname="rr2---sn-u0g3jxaa-n5fe.googlevideo.com" catdesc="Streaming Media and Download" dstowner="google.com" saasinfo="{10,10,0}" apps="{YouTube_Video.Play,YouTube,SSL}" tz="+0300" devid="FG100FTK21051814" vd="root" devname="MERKEZ-FGT100F" utmref="RAAAgAAEAAAB0owCAAPRZ0Gb0WdBm"
date="2024-08-29" time="14:17:57" id=7408519522740600955 bid=39319012 dvid=1064 itime=1724930369 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type="traffic" subtype="forward" level="notice" action="close" utmaction="allow" policyid=535 sessionid=2732655137 srcip="mysrcip" dstip="216.58.212.14" transip="mywanip" srcport=58609 dstport=443 transport=58609 trandisp="snat" duration=241 proto=6 sentbyte=3914 rcvdbyte=4158 sentdelta=104 rcvddelta=309 sentpkt=14 rcvdpkt=23 logid="0000000013" user="myuser" unauthuser="myuser" srcname="myuser" service="HTTPS" app="YouTube" appcat="Video/Audio" srcintfrole="lan" dstintfrole="wan" srcserver=0 appid=31077 apprisk="elevated" policytype="policy" eventtime=1724930278201401770 wanin=3197 wanout=3178 lanin=4957 lanout=3166 countapp=3 countweb=1 srcuuid="6ae3d388-0ed2-51eb-1f85-7f175ff39911" dstuuid="fcd1923c-1b42-51ea-0953-c61a253a3d3c" poluuid="2ed7365c-651b-51ef-aaf8-77377b07a57c" srcmac="30:05:05:0e:b8:bb" mastersrcmac="30:05:05:0e:b8:bb" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="United States" srcintf="Personel-Vlan" dstintf="wan1" unauthusersource="kerberos" authserver="ad" applist="Company_Genel" hostname="accounts.youtube.com" catdesc="Streaming Media and Download" dstowner="google.com" saasinfo="{10,0}" apps="{YouTube,SSL}" tz="+0300" devid="FG100FTK21051814" vd="root" devname="MERKEZ-FGT100F" utmref="BAYQAAAQAAAByrACAAFBY0GZQWNBmd6sAgABQWNBmUFjQZnKqAIAAUFjQZlBY0GZypACAAFBY0GZQWNBm"
date="2024-08-29" time="14:13:27" id=7408518358804463688 bid=39318800 dvid=1064 itime=1724930098 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type="traffic" subtype="forward" level="notice" action="close" utmaction="allow" policyid=535 sessionid=2732649271 srcip="mysrcip" dstip="176.88.234.15" transip="mywanip" srcport=58584 dstport=443 transport=58584 trandisp="snat" duration=1 proto=6 sentbyte=2557 rcvdbyte=9510 sentpkt=15 rcvdpkt=14 logid="0000000013" user="myuser" unauthuser="myuser" srcname="myuser" service="HTTPS" app="Google.Services" appcat="General.Interest" srcintfrole="lan" dstintfrole="wan" srcserver=0 appid=42533 apprisk="elevated" policytype="policy" eventtime=1724930007151380649 wanin=10659 wanout=1769 lanin=3265 lanout=8938 countapp=3 countweb=1 srcuuid="6ae3d388-0ed2-51eb-1f85-7f175ff39911" dstuuid="fcd1923c-1b42-51ea-0953-c61a253a3d3c" poluuid="2ed7365c-651b-51ef-aaf8-77377b07a57c" srcmac="30:05:05:0e:b8:bb" mastersrcmac="30:05:05:0e:b8:bb" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Turkey" srcintf="Personel-Vlan" dstintf="wan1" unauthusersource="kerberos" authserver="ad" applist="Company_Genel" hostname="r4---sn-u0g3jxaa-5q5s.googlevideo.com" catdesc="Streaming Media and Download" saasinfo="{0,10,0}" apps="{Google.Services,YouTube,SSL}" tz="+0300" devid="FG100FTK21051814" vd="root" devname="MERKEZ-FGT100F" utmref="BAYQAAAQAAAByWACAADFY0GYxWNBmd1cAgAAxWNBmMVjQZnJTAIAAMVjQZjFY0GZyUgCAADFY0GYxWNBm"
date="2024-08-29" time="14:13:05" id=7408518264315183264 bid=39318790 dvid=1064 itime=1724930076 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type="traffic" subtype="forward" level="notice" action="client-rst" utmaction="allow" policyid=535 sessionid=2732558036 srcip="mysrcip" dstip="176.235.75.82" transip="mywanip" srcport=58317 dstport=443 transport=58317 trandisp="snat" duration=444 proto=6 sentbyte=619606 rcvdbyte=23452756 sentdelta=52 rcvddelta=248 sentpkt=3423 rcvdpkt=16105 logid="0000000013" user="myuser" unauthuser="myuser" srcname="myuser" service="HTTPS" app="YouTube_Video.Play" appcat="Video/Audio" srcintfrole="lan" dstintfrole="wan" srcserver=0 appid=38569 apprisk="elevated" policytype="policy" eventtime=1724929984961389370 wanin=22877384 wanout=440954 lanin=442442 lanout=22808520 countapp=110 countweb=107 srcuuid="6ae3d388-0ed2-51eb-1f85-7f175ff39911" dstuuid="fcd1923c-1b42-51ea-0953-c61a253a3d3c" poluuid="2ed7365c-651b-51ef-aaf8-77377b07a57c" srcmac="30:05:05:0e:b8:bb" mastersrcmac="30:05:05:0e:b8:bb" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Turkey" srcintf="Personel-Vlan" dstintf="wan1" unauthusersource="kerberos" authserver="ad" applist="Company_Genel" hostname="rr7---sn-u0g3jxaa-n5fl.googlevideo.com" catdesc="Streaming Media and Download" dstowner="google.com" saasinfo="{10,10,0}" apps="{YouTube_Video.Play,YouTube,SSL}" tz="+0300" devid="FG100FTK21051814" vd="root" devname="MERKEZ-FGT100F" utmref="RAAAgAAEAAAB0oACAABxY0GYcWNBm"
date="2024-08-29" time="14:12:33" id=7408518126876229750 bid=39318767 dvid=1064 itime=1724930044 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type="traffic" subtype="forward" level="notice" action="close" utmaction="allow" policyid=535 sessionid=2732585947 srcip="mysrcip" dstip="142.250.187.110" transip="mywanip" srcport=58432 dstport=443 transport=58432 trandisp="snat" duration=260 proto=6 sentbyte=9519 rcvdbyte=37570 sentdelta=104 rcvddelta=309 sentpkt=51 rcvdpkt=59 logid="0000000013" user="myuser" unauthuser="myuser" srcname="myuser" service="HTTPS" app="Google.Services" appcat="General.Interest" srcintfrole="lan" dstintfrole="wan" srcserver=0 appid=42533 apprisk="elevated" policytype="policy" eventtime=1724929952221381790 wanin=34913 wanout=6859 lanin=4175 lanout=35138 countapp=8 countweb=6 srcuuid="6ae3d388-0ed2-51eb-1f85-7f175ff39911" dstuuid="fcd1923c-1b42-51ea-0953-c61a253a3d3c" poluuid="2ed7365c-651b-51ef-aaf8-77377b07a57c" srcmac="30:05:05:0e:b8:bb" mastersrcmac="30:05:05:0e:b8:bb" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="United States" srcintf="Personel-Vlan" dstintf="wan1" unauthusersource="kerberos" authserver="ad" applist="Company_Genel" hostname="www.youtube.com" catdesc="Streaming Media and Download" dstowner="google.com" saasinfo="{0,10,0}" ebtime="{\"[1724940510,1724940690)\"}" apps="{Google.Services,YouTube,SSL}" tz="+0300" devid="FG100FTK21051814" vd="root" devname="MERKEZ-FGT100F" utmref="RAAAgAAEAAAB0dgCAAPxX0Gb8V9Bm"
date="2024-08-29" time="14:07:57" id=7408516945760223273 bid=39318559 dvid=1064 itime=1724929769 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type="traffic" subtype="forward" level="notice" action="close" utmaction="allow" policyid=535 sessionid=2732538211 srcip="mysrcip" dstip="216.58.212.14" transip="mywanip" srcport=58240 dstport=443 transport=58240 trandisp="snat" duration=241 proto=6 sentbyte=3911 rcvdbyte=4161 sentdelta=104 rcvddelta=309 sentpkt=14 rcvdpkt=23 logid="0000000013" user="myuser" unauthuser="myuser" srcname="myuser" service="HTTPS" app="YouTube" appcat="Video/Audio" srcintfrole="lan" dstintfrole="wan" srcserver=0 appid=31077 apprisk="elevated" policytype="policy" eventtime=1724929677291429219 wanin=2760 wanout=3175 lanin=4954 lanout=3169 countapp=3 countweb=1 srcuuid="6ae3d388-0ed2-51eb-1f85-7f175ff39911" dstuuid="fcd1923c-1b42-51ea-0953-c61a253a3d3c" poluuid="2ed7365c-651b-51ef-aaf8-77377b07a57c" srcmac="30:05:05:0e:b8:bb" mastersrcmac="30:05:05:0e:b8:bb" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="United States" srcintf="Personel-Vlan" dstintf="wan1" unauthusersource="kerberos" authserver="ad" applist="Company_Genel" hostname="accounts.youtube.com" catdesc="Streaming Media and Download" dstowner="google.com" saasinfo="{10,0}" apps="{YouTube,SSL}" tz="+0300" devid="FG100FTK21051814" vd="root" devname="MERKEZ-FGT100F" utmref="BAYQAAAQAAAByfQCAAPdV0Gb3VdBmd3wAgAD3VdBm91XQZnJ7AIAA91XQZvdV0GZyeQCAAPdV0Gb3VdBm"
An example log of another category that contains the 'ebtime' parameter;
date=2024-08-29 time=14:34:21 id=7408523748988420203 itime=2024-08-29 14:35:53 euid=1110 epid=3405 dsteuid=3 dstepid=101 logflag=1 logver=702071577 type=traffic subtype=forward level=notice action=close utmaction=allow policyid=535 sessionid=2732894904 srcip=mysrcip dstip=35.215.129.230 transip=mywanip srcport=59274 dstport=443 transport=59274 trandisp=snat duration=11 proto=6 sentbyte=1914 rcvdbyte=4205 sentpkt=17 rcvdpkt=18 logid=0000000013 user=myuser unauthuser=myuser srcname=myuser service=HTTPS app=Google.Services appcat=General.Interest srcintfrole=lan dstintfrole=wan srcserver=0 appid=42533 apprisk=elevated policytype=policy eventtime=1724931261801387029 wanin=4960 wanout=1046 lanin=2620 lanout=3473 countapp=3 countweb=1 srcuuid=6ae3d388-0ed2-51eb-1f85-7f175ff39911 dstuuid=fcd1923c-1b42-51ea-0953-c61a253a3d3c poluuid=2ed7365c-651b-51ef-aaf8-77377b07a57c srcmac=30:05:05:0e:b8:bb mastersrcmac=30:05:05:0e:b8:bb srcswversion=10 osname=Windows srccountry=Reserved dstcountry=Hong Kong srcintf=Personel-Vlan dstintf=wan1 unauthusersource=kerberos authserver=ad applist=company_Genel hostname=e2c32.gcp.gvt2.com catdesc=Search Engines and Portals dstowner=google.com saasinfo=0,0 ebtime=\"[1724942051,1724942061)\" apps=Google.Services,SSL tz=+0300 devid=FG100FTK21051814 vd=root utmref=BAYQAAAQAAAByxgCAAA5d0GYOXdBmd8UAgAAOXdBmDl3QZnLAAIAADl3QZg5d0GZy3ACAAA1d0GYNXdBm dtime=2024-08-29 14:34:21 itime_t=1724931353 devname=MERKEZ-FGT100F srcuuid_name=Personel-Vlan address dstuuid_name=all
Here, you can see the result I obtained from the dataset I created. As you can see, even though some categories have very high bandwidth, the 'browsetime' returns as 0 because their logs do not contain the 'ebtime' parameter.
| catdesc | browsetime | bandwidth |
| Information Technology | 45313 | 2929389176 |
| Search Engines and Portals | 34826 | 227016389 |
| Business | 23727 | 66621073 |
| Social Networking | 16288 | 47553652 |
| Web-based Applications | 12213 | 4813127 |
| Government and Legal Organizations | 11544 | 29248721 |
| Information and Computer Security | 10761 | 34332717 |
| Finance and Banking | 9724 | 14307560 |
| Web Analytics | 9439 | 3517915 |
| Web-based Email | 8857 | 9782846 |
| Instant Messaging | 8261 | 16628927 |
| News and Media | 4789 | 33308162 |
| Reference | 4778 | 8904191 |
| Games | 4757 | 2761757 |
| Shopping | 4509 | 16745512 |
| Travel | 4388 | 36270197 |
| Online Meeting | 4290 | 5214742 |
| Internet Radio and TV | 3474 | 3947371 |
| Education | 1985 | 7854544 |
| Health and Wellness | 1262 | 170443 |
| Proxy Avoidance | 979 | 654880 |
| Entertainment | 585 | 21626596 |
| Brokerage and Trading | 537 | 5847991 |
| Newsgroups and Message Boards | 497 | 2330870 |
| Job Search | 490 | 340219 |
| Restaurant and Dining | 444 | 989541 |
| Secure Websites | 284 | 54333 |
| Personal Websites and Blogs | 262 | 603913 |
| General Organizations | 180 | 198354 |
| Society and Lifestyles | 122 | 5557 |
| Sports | 72 | 201395 |
| Arts and Culture | 63 | 8850 |
| Web Chat | 34 | 9337 |
| Phishing | 0 | 35779 |
| Content Servers | 0 | 1352700823 |
| Domain Parking | 0 | 181025 |
| File Sharing and Storage | 0 | 14644006 |
| Freeware and Software Downloads | 0 | 7415294 |
| Illegal or Unethical | 0 | 36657 |
| Internet Telephony | 0 | 120418 |
| Lingerie and Swimsuit | 0 | 200036 |
| Meaningless Content | 0 | 4269986 |
| Advertising | 0 | 75730875 |
| Remote Access | 0 | 9860 |
| Streaming Media and Download | 0 | 1943820816 |
| Unrated | 0 | 1884719 |
Labels:
- Labels:
-
FortiAnalyzer
-
FortiGate
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey syosunkaya,
the 'ebtime' parameter is not something logged by FortiGate, but something inserted by FortiAnalyzer when it adds the log to database, to my understanding.
I was able to dig up a (very) old reference how the 'ebtime' parameter is created/added:
"Logs with the following conditions met are considered usable for the calculation of estimated browsing time:
Traffic logs with logid of 13 or 2, when logid == 13, hostname must not be empty. The service field should be either HTTP, 80/TCP or 443/TCP.
If all above conditions are met, then devid, vdom, and user (srcip if user is empty) are combined as a key to identify a user. For time estimation, the current value of duration is calculated against history session start and end time, only un-overlapped part are used as the ebtime of the current log."
see https://docs.fortinet.com/document/fortianalyzer/6.2.12/release-notes/901026/special-notices
This may not be entirely up to date anymore, given that your logs have service HTTPS, but I'm not seeing much of a difference between the logs with and without 'ebtime'.
FortiAnalyzer technical support might be able to assist you better in determining why FortiAnalyzer generates the 'ebtime' parameter for some logs, but not others.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Pre-processing logic of ebtime
Logs with the following conditions met are considered usable for the calculation of estimated browsing time:
Traffic logs with logid of 13 or 2, when logid == 13, hostname must not be empty. The service field should be either HTTP, 80/TCP or 443/TCP.
If all above conditions are met, then devid, vdom, and user (srcip if user is empty) are combined as a key to identify a user. For time estimation, the current value of duration is calculated against history session start and end time, only un-overlapped part are used as the ebtime of the current log.
In your case, all the conditions are matching. If you have support coverage please raise a support case.
logid="0000000013"
service="HTTPS"
hostname="www.youtube.com"
Mrinmoy Purkayastha
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Fortinet with Starlink. If not active... 40 Views
- Fortigate not showing Deny logs 609 Views
- Webpage access blocked 260 Views
- ACME Clarification 409 Views
- Document for PCI-DSS (v4) requirement 5.2.3 254 Views
Labels
-
FortiGate
8,499 -
FortiClient
1,722 -
5.2
801 -
FortiManager
715 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
460 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
309 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
223 -
FortiWeb
200 -
5.0
196 -
IPsec
188 -
FortiNAC
180 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
53 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
40 -
DNS
40 -
BGP
39 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
27 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1662 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.