Re: Fortigate 6.0.3 Traffic Log Analysis via Syslo...

janderson133 · 12-29-2018

Hello, I'm trying to summarize the amount of data used by an application, host, etc. over a given period of time. I'm sysloggging to Splunk and seeing the following problem: long running sessions are logged every 2 minutes with the cumulative amount ...

janderson133 · 01-02-2019

Thanks Frosty - that worked too: eventtype=ftnt_fgt_traffic logid != "0000000020" | eval GigaBytes=bytes/1024/1024/1024 | stats sum(GigaBytes) as Total_GigaBytes by app | sort -Total_GigaBytes I would say the only draw back is long running sessions a...

janderson133 · 12-30-2018

This Splunk search probably isn't efficient, but does what I need it to do (the most recent syslog for a given sessionid is used to extract the total bytes and application -> I then total bytes based on application and finally sort based on largest a...

User Statistics

User Activity

Fortigate 6.0.3 Traffic Log Analysis via Syslog Messages