Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tnhafiz
New Contributor II

Generate report by policies

Hi guys,

 

Currently my fortigates are connecting to a fortianalyzer. All logs from fortigate will be sent to this fortianalyzer.

What I want to know is how can I analyze or generate a report for a specific policies at a specific date and time?

If possible with a specific user also?

 

Thank you in advance

7 REPLIES 7
kallbrandt
Contributor II

You can create pretty much whatever you want to. You'll need to be prepared to write some SQL queries though.

Richie

NSE7

Richie NSE7
tnhafiz
New Contributor II

So how to write it?

Alby23
Contributor II

Hi,

 

try to be more specific telling us what kind of report do you want to create (fields and so on).

tnhafiz
New Contributor II

I want a report that read from a specific policy. In that report I want to know the sources, destinations, time, ports(allow/block), and users of that connections

 

Alby23

SELECT     from_dtime(`dtime`) AS "Time",     COALESCE(NULLIFNA(`user`), IPSTR(`srcip`)) AS "User/IP",     srcip AS "Source IP",     dstip AS "Destination IP",     proto AS "Protocol",     dstport AS "Destination Port",     action AS "Action",     policyid AS "Policy ID" FROM     $log WHERE     $filter

tnhafiz
New Contributor II

May I know where and how to write this code?is there any sample I can follow?

Alby23

Tab "Report", scroll down on the left, "Advanced", "Dataset" then in the upper side "Create New".

 

Paste that code, give the dataset a name, choose "Traffic" in the menu and save.

 

Then go to "Chart Library" and "Create New".

Give the Chart a name, select the Dataset that you've saved, add all the culumns and save.

 

Then add that chart to the Layout of a Report and you're done.

Labels
Top Kudoed Authors