Description This article describes how to use the 'filter' option in
fazbd-log-export init. This article serves as an extension of the
knowledge explained in the CLI Reference guide. Scope
FortiAnalyzer-BigData, CLI, controller. Solution The 'filter' ...
Description This article describes how to use a POSIX expression to
include or exclude a source or destination subnet with a generic text
filter. Scope FortiAnalyzer. Solution A generic filter can be used to
exclude or include subnets as a source and...
Description FortiAnalyzer (FAZ) relies upon hcache tables to build
reports. If a report is not scheduled and autocache is not enabled, the
first run of the report will take extra time because the FAZ needs to
first build the required hcache tables. Pr...
This article covers the basic setup steps that allow FortiAnalyzer (FAZ)
to accept FortiClient (FCT) logs. FAZ collects FCT logs into the
FortiClient ADOM. The logs are stored under the serial number of the EMS managing the
FortiClients. And in order to do so th...
Description This article provides basic tips about creating custom
reports on a FortiGate (FGT). Most of the steps are available only in
the CLI. For more complicated custom report scenarios, Fortinet
recommends use of FortiAnalyzer (FAZ). FortiGate r...
Hi James, I think the slowness could be caused by the query scope sent
from FGT to FAZ. In FGT 6.0.9 the FGT sends a limit of 50 lines, while
FGT 6.2.3 sets a limit of 500, e.g.: v6.0.9: Execute SQL query: SELECT * FROM
((SELECT ti1.*, ti2."devid",ti2."vd",...
It is better if you could open a support ticket, as somebody needs to
look at the FAZ and run some diagnostics. When you open a ticket,
provide the following outputs to the support engineer:
get sys status
diag fortilog log
diag log device
diag test app sql...
Please check if you have a valid subscription for Threat Detection
Service (IOC). (under System Settings) Likely your system is not
licensed and not been updated.