Our customer wants to see all the web filter overrides made last month.
Is there a way to get these in the FortiGate reporting with username, date and URL?
I can't find any charts on the FortiAnalyzer. In a FortiGate guide I found out that all the override events are logged under "Forward Traffic". Is there a chart to show the "Forward Traffic", filtered by override events?
I think you could check in FortiView, in the WebFilter logs, to see if the values of the log fields ovrdtbl and ovrdid are meaningful. Try searching something like
I really don't know the actual content of these log fields, but they sound like they have a link with the override events. After finding some values here, the other log fields will show you the user, date & time etc. In the end you should build a dataset based on your FortiView findings.
Good luck (but please keep us posted with your findings!)
Actually, the search format "-<log_field>=NULL" may not work; it depends on the data type of the field. For instance, such a query does not work in $log-traffic for the array-type fields (like threats, threatcnts, threattyps). These fields are described in the database schema as text or integer arrays:
I'm not aware of any other way to explore such fields but by using SQL queries in custom datasets, where you can use the 'is null' or 'is not null' logical test.
So, in case the ovrdtbl field would be an array, the FortiView couldn't help you to quickly explore the overrides logging issue. But the override fields are actually described in the database schema as