
problem to generate monthly reports

I have a FortiAnalyzer 100B. When I try to get a monthly report, it only shows me the last 3 days; it seems that it erased the previous logs. Can someone help me? I read the documentation but I still have the same problem.
dubbsix
New Contributor

How much disk space did you allocate for your logs? Possibly the logs were "rolled over" because of file space on the analyzer? Also make sure that the templates you are using are monthly and not 24hrs. Most by default give you the last 25hrs of event data.
Fortinet FanBoy.
abelio
Valued Contributor

Hi, check once again whether you actually have logs for that period. Browse the traffic or other logs to verify the dates of the log entries. Once that is verified, you and we'll be able to focus on the reporting problem. regards,


regards / Abel
renanss
New Contributor

I have the same problem, I need to generate a monthly report of the amount of data generated in the period of a month.

Debbie_FTNT

Hey renanss,

what do you mean by 'amount of data'?

-> bandwidth used by FortiGate?

-> amount of logs generated by FortiGate?

-> amount of disk space used on FortiAnalyzer?

 

In addition, how long does your FortiAnalyzer retain logs in the database (Analytics retention)? If less than one month, you cannot generate reports that cover the duration of a month; reports can only take into consideration logs in the database, and if the logs are not old enough, then the report will have incomplete data.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
renanss

Currently in Metro dp state of SP there are 5 firewalls that are sending logs (SSL Log, AntiVirus Log, Web Filter Log, IPS Log, Application Control Log, DNS Query Log, Event Log, Traffic Log) to FortiAnalyzer 7.0.5. I need help creating a report in the Analyzer where I can get the size of all logs that are sent from a firewall to the Analyzer; we need to know how many gigabytes of logs are generated during a month by a given firewall.

The second question is whether I can get, separately for a firewall whose logs the Analyzer receives, how much web filter log data is generated in gigabytes, and how many application control logs are also sent to the Analyzer by a given firewall.

I need to carry out this survey to start a project to insert the logs in the Microsoft SIEM.

Debbie_FTNT

Hey renanss,

 

I'm not aware of any way for FortiAnalyzer to generate a report over log volume in GB, my apologies.

However, you can count the number of log messages fairly easily, with a dataset something like this:

select type, count(*) as total_logs from $log where $filter group by type order by total_logs desc

 

That dataset would simply total all logs for each type within the filter parameters ($log and $filter, placeholders for the report filter settings) and list by descending order of total logs.
You could map that to a chart for a simple table display.

To get to a rough estimate of actual logging volume in bytes, the rule of thumb I've always worked with is 1 log = 100 bytes, assuming you don't have extended UTM logging enabled (that can cause log messages to extend to up to 20KB, as they include all HTTP header information).

 

If this is insufficient for your needs, you can get in touch with Fortinet Professional Services, who can assist in creating custom FortiAnalyzer reports to suit your needs.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++