Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Oblivionking
New Contributor

Custom report

Hello! Could you please help me with creating custom report templates.

I want to create report with specific columns (example is in attached file).

 

And one more question - Can I add to report some of Active Directory atributes?

tel  +7 7222 600006
fax  +7 7222 604740

1 Solution
hzhao_FTNT

In most cases, we can not see HOSTNAME of the user PC in log. Maybe you can select srcip in dataset, then enable "Resolve Hostname" in chart setting. If the srcip can be resolved by your DNS, then you will see hostname in report output.

View solution in original post

5 REPLIES 5
hzhao_FTNT
Staff
Staff

Please try:

select to_char(from_dtime(dtime), 'dd.mm.yyyy') as daystamp, coalesce(nullifna(`user`), nullifna(`unauthuser`), 'N/A') as user_src, coalesce(`srcname`, ipstr(`srcip`)) as dev_src, catdesc, hostname as website, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth from $log where $filter and hostname is not null and logid_to_int(logid) not in (4, 7, 14) and (countweb>0 or ((logver is null or logver<52) and (hostname is not null or utmevent in ('webfilter', 'banned-word', 'web-content', 'command-block', 'script-filter')))) group by daystamp, user_src, dev_src, catdesc, website order by daystamp desc, bandwidth desc

 

Not sure which attribute of AD do you need. We do support ldap filter for report, so you can add group filter based on AD.

 

regards,

hz

 

Oblivionking

Hello. It's very usefull and looks great!

But one more question - Could we add to report the HOSTNAME of the user PC?

hzhao_FTNT

In most cases, we can not see HOSTNAME of the user PC in log. Maybe you can select srcip in dataset, then enable "Resolve Hostname" in chart setting. If the srcip can be resolved by your DNS, then you will see hostname in report output.

Oblivionking

Ok. Thanks.

Last question: In report filter we can choose only two parameters (Equals or Not Equals). We need filter all bandwidth results less than 1MB from report. Is it possible?

hzhao_FTNT

Hi there,

 

It is not possible to make a report/chart filter with less or greater. To filter out session less than 1MB, you have to put this filter in SQL query. For example, select **** from **** group by **** having sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) >= 1048576 order by ****

 

regards,

hz

Labels
Top Kudoed Authors