FAZ Reports Creation
Uploaded by richardlaf2011
8/22/2019 FAZ Reports Creation
www.fortinet.com
Creating Reports with FortiAnalyzer
TECHNICAL NOTE
25 May 2006
05-30000-0323-20060525
Copyright 2006 Fortinet, Inc. All rights reserved. No part of this
publication including text, examples, diagrams or illustrations may be
reproduced, transmitted, or translated in any form or by any means,
electronic, mechanical, manual, optical or otherwise, for any purpose,
without prior written permission of Fortinet, Inc.
Trademarks
Dynamic Threat Prevention System (DTPS), APSecure, FortiASIC,
FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat
Management System, FortiGuard, FortiGuard-Antispam, FortiGuard-
Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer,
FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter,
FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of
Fortinet, Inc. in the United States and/or other countries. The names of
actual companies and products mentioned herein may be the trademarks
of their respective owners.
Contents
Introduction
  About this document
  Fortinet documentation
    Fortinet Knowledge Center
    Comments on Fortinet technical documentation
  Customer service and technical support
Configuring log settings
  Configuring the FortiGate unit
  Enabling logging on the FortiGate unit
    Enabling traffic logging
    Enabling firewall policy traffic logging
    Enabling event logging
    Enabling service logs
  Configuring the FortiAnalyzer unit
    Registering the FortiGate unit
    Configuring the mail server
Investigating suspected abuse of web access
  The situation
  Configuring the report profile
    Creating a new report profile
    Setting the devices
    Setting the report scope
    Setting the report type
    Setting the report format
    Setting the report output
    Saving the report profile
  Using the report profile
    Running the report profile
    Viewing the report
    Understanding each section of the report
Logging IPs and requested services
  The situation
  Configuring the report profile
    Creating a new report profile
    Setting the devices
    Setting the report scope
    Setting the report type
    Setting the report format
    Setting the report schedule
    Setting the report output
    Saving the report profile
  Using the report profile
    Running the report profile
    Viewing the report
    Understanding each section of the report
Finding the most visited web sites
  The situation
  Configuring the report profile
    Creating a new report profile
    Setting the devices
    Setting the report scope
    Setting the report type
    Setting the report format
    Setting the report schedule
    Setting the report output
    Saving the report profile
  Using the report profile
    Running the report profile
    Viewing the report
    Understanding each section of the report
Finding the top email users
  Configuring the report profile
    Creating a new report profile
    Setting the devices
    Setting the report scope
    Setting the report type
    Setting the report format
    Setting the report schedule
    Setting the report output
    Saving the report profile
  Using the report profile
    Running the report profile
    Viewing the report
    Understanding each section of the report
Logging access to blocked content
  The situation
  Configuring the report profile
    Creating a new report profile
    Setting the devices
    Setting the report scope
    Setting the report type
    Setting the report format
    Setting the report schedule
    Setting the report output
    Saving the report profile
  Using the report profile
    Running the report profile
    Viewing the report
    Understanding each section of the report
Introduction
FortiAnalyzer units are network appliances that provide integrated tools for analysis, archive search, log collection, and data storage. Detailed log reports
provide historical as well as current analysis of network traffic, such as email, FTP
and web browsing activity, to help identify security issues and reduce network
misuse and abuse.
This chapter includes the following topics:
About this document
Fortinet documentation
Customer service and technical support
About this document
Using sample scenarios, this document describes how to:
Configure a FortiGate unit to send log information to a FortiAnalyzer unit
Configure report profiles with a FortiAnalyzer unit to generate reports
This document contains the following chapters:
Configuring log settings
Investigating suspected abuse of web access
Logging IPs and requested services
Finding the most visited web sites
Finding the top email users
Logging access to blocked content
Fortinet documentation
The most up-to-date publications and previous releases of Fortinet product
documentation are available from the Fortinet Technical Documentation web site
at http://docs.forticare.com.
Fortinet Knowledge Center
Additional Fortinet technical documentation is available from the Fortinet Knowledge Center. The knowledge center contains troubleshooting and how-to
articles, FAQs, technical notes, and more. Visit the Fortinet Knowledge Center at
http://kc.forticare.com.
Comments on Fortinet technical documentation
Please send information about any errors or omissions in this document, or any
Fortinet technical documentation, to [email protected].
Customer service and technical support
Fortinet Technical Support provides services designed to make sure that your
Fortinet systems install quickly, configure easily, and operate reliably in your
network.
Please visit the Fortinet Technical Support web site at http://support.fortinet.com
to learn about the technical support services that Fortinet provides.
Configuring log settings
This section describes how to:
configure the FortiGate unit to send log information to the FortiAnalyzer unit
register the FortiGate unit with the FortiAnalyzer unit
The following topics are included in this section:
Configuring the FortiGate unit
Enabling logging on the FortiGate unit
Configuring the FortiAnalyzer unit
Configuring the FortiGate unit
Configure the FortiGate unit to send log information to the FortiAnalyzer unit and
verify the connection. The FortiGate unit will send all log messages to the
FortiAnalyzer unit.
To configure log settings
1 Go to Log&Report > Log Config > Log Setting.
2 Select FortiAnalyzer.
3 Select the blue arrow next to FortiAnalyzer to expand the options.
4 Select a log level.
For maximum reporting capabilities, select Information.
5 Select Static IP Address.
6 Enter the IP address of the FortiAnalyzer unit and select Apply.
To verify the connection
1 Select Test Connectivity.
You will see a connection summary window confirming the connection. If the
connection fails, verify the IP address.
2 Select Close.
The FortiGate unit is now configured to send log information to the FortiAnalyzer,
enabling the FortiAnalyzer to generate reports.
Enabling logging on the FortiGate unit
You must enable logging on the FortiGate unit in order to send logs to the
FortiAnalyzer unit. There are multiple logging options available.
For the examples in this document, you will enable logging options in the following
steps:
Enabling traffic logging
Enabling event logging
Enabling firewall policy traffic logging
Enabling service logs
Enabling traffic logging
Enable traffic logging to record any traffic to and from the interface.
To enable traffic logging
1 Go to System > Network > Interface.
2 Select the Edit icon for an interface.
3 Select Log.
4 Select OK.
Enabling firewall policy traffic logging
Enable the firewall policy traffic logging to record the traffic, both permitted and
denied by the firewall policy.
To enable firewall policy traffic logging
1 Go to Firewall > Policy.
2 Select the blue arrow for the traffic directional flow to expand the policy list.
3 Select the Edit icon for a policy.
4 Select Log Allowed Traffic.
5 Select OK.
Enabling event logging
Enable event logging to record management and activity events, such as when a configuration has changed, or when VPN events occur.
To enable event logging
1 Go to Log&Report > Log Config > Event Log.
2 Select Enable.
3 Select the following options:
Firewall authentication event
SSL VPN user authentication event
SSL VPN session event
4 Select Apply.
Enabling service logs
Enable service logging to record the activity of the FortiGate protection profile,
such as blocked content or web sites.
To enable service logging
1 Go to Firewall > Protection Profile.
2 Select the Edit icon for a profile.
3 Select the blue arrow for Logging to expand the logging options.
4 Select the following options:
Oversized Files / Emails
Content Block
URL Filter
Log Intrusions
5 Select OK.
Configuring the FortiAnalyzer unit
You must configure the FortiAnalyzer unit to accept log information from
registered FortiGate units and to send reports by email.
Configuring the FortiAnalyzer unit includes the following steps:
Registering the FortiGate unit
Configuring the mail server
Registering the FortiGate unit
You must register the FortiGate unit that sends log information to the
FortiAnalyzer unit. By default, the FortiAnalyzer unit will add the FortiGate unit to
its device list. However, you will not be able to generate reports until you register
the FortiGate unit.
To register a FortiGate unit
1 Go to Devices > All.
The FortiGate unit will appear in the device list.
2 Select the Add icon for the FortiGate unit.
The Add icon for an unregistered FortiGate unit is the same as the Edit icon for a
registered unit.
3 Select FortiGate from the Device Type list.
4 Enter a device name, such as WiFi-60A.
5 The serial number of the FortiGate unit automatically appears in the Device ID
field.
Keep all other settings on the Add Device page as defaults.
6 Select OK.
The FortiGate unit is now registered to send log information to the FortiAnalyzer.
Configuring the mail server
You must configure a DNS server and an SMTP server to send reports by email,
and test the configuration. The FortiGate unit uses the SMTP server name to
connect to the mail server, and must look up this name on your DNS server.
To configure the mail server
1 Go to System > Alerts > Mail Server.
2 Select Create New.
3 Select Enable Authentication.
4 Enter the name/address of the SMTP server.
5 Enter the user name for logging on to the SMTP server in the E-Mail Account field.
6 Enter the password for logging on to the SMTP server.
To configure the DNS server
1 Go to System > Network > DNS.
2 Enter the primary DNS server IP address that the FortiAnalyzer unit can connect
to.
3 Enter a secondary DNS server IP address.
To test the mail server configuration
1 Go to System > Alerts > Mail Server.
2 Select Modify.
3 Select Test Server.
4 Enter an email address and select Test.
Investigating suspected abuse of web access
This section describes how to configure a report about the web activity of a user.
The situation
A manager suspects that an employee is surfing the Web during working hours.
The manager has asked you to send him a report on the web activity of the
suspected employee by email.
The employee's IP address is 192.68.2.110.
In this situation, you will need to find:
web sites the user visited
the time of day the visits occurred
For this report, we will examine the web activity of the user over a two week
period.
Configuring the report profile
Configuring a report profile includes the following steps:
Creating a new report profile
Setting the devices
Setting the report scope
Setting the report type
Setting the report format
Setting the report output
Saving the report profile
Creating a new report profile
Create a new report profile.
To create a new report profile
1 Go to Report > Config.
2 Select Create New.
3 Enter Web_Activity in the Report Name field.
The report name cannot include spaces.
4 Enter a report title of Monitoring Web Activity.
5 Enter a description of This report examines the web activity of a user for the past
two weeks.
Setting the devices
Select the FortiGate unit for the department or office where the user works. The
FortiAnalyzer unit will examine the logs only from this unit.
To set the devices
1 Select the blue arrow for Devices to expand the options.
2 Select the FortiGate unit from the list.
Setting the report scope
Select the time period the report encompasses, and the data filters. For this
report, you need specific information about a user during a two week period. You
can narrow the report to only the requested user with the Data Filter.
To set the report scope
1 Select the blue arrow for Report Scope to expand the options.
2 Select the blue arrow for Time Period to expand the options.
3 Select Last 2 Weeks from the list.
4 Select the blue arrow for Data Filter to expand the options.
5 Select Custom.
6 In the Source(s) field, enter 192.168.2.110, the user's IP address.
This narrows the scope of the report to only this user.
Setting the report type
Specify the type of information the FortiAnalyzer unit collects from the logs. For
this report, you need information about the web activity of a particular user during working hours. You can narrow the report to the relevant information in the Web
Activity list in the Report Type(s) section.
To set the report type
1 Select the blue arrow for Report Type(s) to expand the options.
2 Select Custom.
3 Clear all the report types.
4 Select the blue arrow for Web Activity to expand the report options.
5 Select the following report types:
Web Traffic by Day of Week
Web Traffic by Hour of Day
Top Web Sites (Connections)
Top Web Sites (Traffic)
Top Web Sites by Duration
Setting the report format
Configure how the report displays information. Enable IP addresses to display as
host names. Web sites visited by the user will appear as real URLs rather than as
IP addresses.
To set the report format
1 Select the blue arrow for Report Format to expand the options.
2 Select For all devices from the Report Results.
3 Select Resolve Host Names to display web site addresses rather than IP addresses.
Setting the report output
Select the format and destination for the report. The FortiAnalyzer unit will email
this report as a PDF to the manager who requested it.
To set the output
1 Select the blue arrow for Output to expand the options.
2 Select PDF for Email output.
3 Select Customize subject.
4 Enter the subject for the email.
When Customize subject is not selected, the subject of the email will be the name
of the report.
5 Enter the email address of the manager in the Email list.
6 Select Add.
Saving the report profile
The report profile is now configured to provide the information required.
To save the report profile, select OK.
The FortiAnalyzer unit saves the report profile on its hard drive.
Using the report profile
Once the FortiAnalyzer unit has generated and saved the report, it is available for
viewing. Reports stay in a catalog on the FortiAnalyzer hard drive. You can run
the report again to retrieve updated information.
Using the report includes the following steps:
Running the report
Viewing the report
Understanding each section of the report
Note: The mail server must be configured for the FortiAnalyzer to send reports by email. To
configure the mail server, see Configuring the mail server on page 11.
Note: Setting a schedule is not required for this report because it is not used regularly, only
when a similar problem occurs.
Running the report profile
Running the report profile will generate all the information specified by the report
scope and type.
To run the report
1 Go to Report > Config.
2 Select Go for the Web_Activity report.
The FortiAnalyzer unit generates the report and sends a PDF to the manager by
email.
Viewing the report
You can view reports from the FortiAnalyzer web-based manager.
To view the report
1 Go to Report > Browse.
2 Select the Web_Activity report from the list.
The report name will be followed by a date and an assigned number, for example, Web_Activity-2006-05-01-1001.
Understanding each section of the report
The report will display information in tables and graphs, for example, as shown in
Figure 1.
Figure 1: Tables and graphs in the web activity report
Table 1 gives information about each section of the web activity report.
Table 1: Sections of the web activity report
Web Traffic by Day of Week: This section displays information about the volume of web traffic generated by the user on each day of the week. You can determine if the user's web traffic is constant or if there are unusual variations that do not match the user's workload or schedule.
Web Traffic by Hour of Day: This section displays information about the volume of traffic the user generated during each hour of the day. You can determine if the user's web traffic during work hours is reasonable.
Top Web Sites (Connections): This section displays the number of times the user accessed a web site. You can use this information to compare the user's access to work related and non-work related web sites.
Top Web Sites (Traffic): This section displays the volume of content accessed on the top web sites. You can use this information to compare the volume of data the user downloaded from work related and non-work related web sites.
Top Web Sites by Duration: This section displays the amount of time spent on accessing information on each web site. Sites that are accessed or refreshed often will be at the top of this list. You can use this information to determine whether the user accessed or refreshed the content of web sites not related to work, such as news, sports, or stock sites too often.
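The five sections in Table 1 are aggregations over the web traffic of one source address within the report's time period. The following added example (not Fortinet code and not part of the original technical note) computes the same five views from constructed log lines, so that figures in a delivered report can be cross-checked. The key=value field names, the sample hosts and the function names are assumptions for illustration, not the FortiGate log schema.

```python
import ipaddress
import shlex
from collections import Counter
from datetime import datetime

# Constructed sample data. The key=value layout and the field names are
# assumptions made for this example, not the FortiGate log schema.
SAMPLE_LOGS = """\
date=2006-05-01 time=09:15:02 src=192.168.2.110 hostname="news.example.com" service=HTTP sent=1200 rcvd=48000 duration=35
date=2006-05-01 time=09:47:40 src=192.168.2.110 hostname="news.example.com" service=HTTP sent=900 rcvd=30000 duration=20
date=2006-05-01 time=10:05:11 src=192.168.2.110 hostname="intranet.example.com" service=HTTP sent=500 rcvd=7000 duration=12
date=2006-05-02 time=14:30:00 src=192.168.2.110 hostname="sports.example.com" service=HTTP sent=2000 rcvd=150000 duration=240
date=2006-05-02 time=14:31:10 src=192.168.2.25 hostname="news.example.com" service=HTTP sent=800 rcvd=20000 duration=15
date=2006-05-03 time=22:10:00 src=192.168.2.110 hostname="mail.example.com" service=SMTP sent=4000 rcvd=300 duration=3
malformed line without the expected fields
"""

REQUIRED = ("date", "time", "src", "hostname", "service", "sent", "rcvd", "duration")
DAYS = ("Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday")


def parse_line(line):
    """Return a normalized record, or None if the line is unusable."""
    try:
        tokens = shlex.split(line)  # honours quoted values such as hostname="..."
        fields = dict(t.split("=", 1) for t in tokens if "=" in t)
        if any(key not in fields for key in REQUIRED):
            return None
        stamp = f"{fields['date']} {fields['time']}"
        return {
            "when": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "src": ipaddress.ip_address(fields["src"]),
            "site": fields["hostname"].lower(),
            "service": fields["service"].upper(),
            "bytes": int(fields["sent"]) + int(fields["rcvd"]),
            "duration": int(fields["duration"]),
        }
    except ValueError:  # unbalanced quotes, bad date or address, non-numeric counter
        return None


def top(counter, n):
    """Highest totals first; ties are broken by site name so output is stable."""
    return sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def web_activity_report(lines, source_ip, start, end, top_n=6):
    """Aggregate HTTP records for one source address with start <= time < end."""
    wanted = ipaddress.ip_address(source_ip)
    by_day, by_hour = Counter(), Counter()
    connections, traffic, duration = Counter(), Counter(), Counter()
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unusable lines so gaps in the data stay visible
            continue
        if rec["src"] != wanted or rec["service"] != "HTTP":
            continue
        if not (start <= rec["when"] < end):
            continue
        by_day[DAYS[rec["when"].weekday()]] += rec["bytes"]
        by_hour[rec["when"].hour] += rec["bytes"]
        connections[rec["site"]] += 1
        traffic[rec["site"]] += rec["bytes"]
        duration[rec["site"]] += rec["duration"]
    return {
        "by_day": dict(by_day),
        "by_hour": dict(by_hour),
        "top_connections": top(connections, top_n),
        "top_traffic": top(traffic, top_n),
        "top_duration": top(duration, top_n),
        "skipped": skipped,
    }


def sample_report():
    """Run the report over the constructed sample for a two-week window."""
    return web_activity_report(
        SAMPLE_LOGS.splitlines(),
        "192.168.2.110",
        datetime(2006, 4, 24),
        datetime(2006, 5, 8),
    )


if __name__ == "__main__":
    for section, value in sample_report().items():
        print(section, value)
```

The skipped count is worth reporting alongside the totals: a high number of unparseable lines means the aggregates understate the user's activity.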
Logging IPs and requested services
This section describes how to find the IPs that visited the FortiGate unit, and to find what services were requested in the last week.
The situation
The network administration wants to track the type of traffic through the FortiGate
unit. They asked you to send them a weekly report by email to track the
performance of the network with respect to the number of hits the network
received during the week. Also, they want to be aware of the demand for certain
services in order to allocate bandwidth more efficiently.
For this report, you will examine the network activity during the last week.
Configuring the report profile
Configuring the report includes the following steps:
Creating a new report profile
Setting the devices
Setting the report scope
Setting the report type
Setting the report format
Setting the report schedule
Setting the report output
Saving the report profile
Creating a new report profile
Create a new report profile.
To create a new report profile
1 Go to Report > Config.
2 Select Create New.
3 Enter IPs_and_services in the Report Name field.
The report name cannot include spaces.
4 Enter a report title of IPs and requested services.
5 Enter a description of This report lists the IPs that visited the FortiGate unit, and
the services requested during the past week.
Setting the devices
Select the FortiGate unit. The FortiAnalyzer unit will examine the logs from this
unit.
To set the devices
1 Select the blue arrow for Devices to expand the options.
2 Select the FortiGate unit from the list.
Setting the report scope
Select the time period the report encompasses.
To set the report scope
1 Select the blue arrow for Report Scope to expand the options.
2 Select the blue arrow for Time Period to expand the options.
3 Select Last 7 Days for Time Period.
Setting the report type
Select the type of information the report will collect from the logs. For this report,
you need information about:
network use by IPs
the services, such as http and ssh, requested by network users
You can narrow the report to the relevant information in the Network Activity and
Terminal Activity lists in the Report Type(s) section.
To set the report type
1 Select the blue arrow for Report Type(s) to expand the options.
2 Select Custom.
3 Clear all the boxes in the list of report types.
4 Select the blue arrow for Network Activity to expand the options.
5 Select the following report types:
Traffic by Top Services and Direction
Traffic by Top Sources and Top Services
Traffic by Top Destinations and Top Services
6 Select the blue arrow for Terminal Activity to expand the options.
7 Select Terminal Traffic by Date and Service.
Setting the report format
Configure how the report displays information. Enable IP addresses to display as
host names. Web pages visited by users will appear as real URLs rather than as
IP addresses. The FortiAnalyzer unit can also display services by names rather
than by port numbers.
To set the report format
1 Select the blue arrow next to Report Format to expand the options.
2 Select For all devices from the Report Results list.
3 Select Resolve Host Names to display host names by name, not IP address.
4 Select Resolve Service Names to display network service names rather than port
numbers. For example, HTTP rather than port 80.
By default, there are six items in tables and graphs in the report. For example, in
the Traffic by Top Services and Direction table, the top six services will be shown. The default number can be changed in the Advanced section of the Report
Format page. For this report, you will need the top ten services.
To set the number of items in lists
1 Select the blue arrow next to Advanced to expand the options.
2 Enter 10 for the values for the first variable (1..12).
Setting the report schedule
Configure the schedule so that the report runs automatically every week.
To set the schedule
1 Select the blue arrow for Schedule to expand the options.
2 Select These Days.
3 Select Sun.
4 Select a time of 18 to run the report at 6 p.m.
Setting the report output
Select the format and destination for the report. The FortiAnalyzer unit will email this
report as a PDF to the network administration staff.
To set the output
1 Select the blue arrow for Output.
2 Select PDF for Email output.
3 Select Customize subject.
4 Enter the subject for the email.
When Customize subject is not selected, the subject of the email will be the name
of the report.
5 Enter the email addresses of the network administration staff in the Email list.
6 Select Add.
Saving the report profile
The report profile is now configured to provide the information required.
To save the report profile, select OK.
The FortiAnalyzer unit saves the report profile on its hard drive.
Note: The mail server must be configured for the FortiAnalyzer to send reports by email. To
configure the mail server, see Configuring the mail server on page 11.
Using the report profile
Once the FortiAnalyzer unit has generated and saved the report, it is available for
viewing. Reports stay in a catalog, and you can run the report again to retrieve
updated information.
Using the report includes the following steps:
Running the report
Viewing the report
Understanding each section of the report
Running the report profile
Running the report profile will generate all the information specified by the report
scope and type.
To run the report
1 Go to Report > Config.
2 Select Go for the IPs_and_services report.
The FortiAnalyzer unit generates the report and sends a PDF to the network
administrators by email.
Viewing the report
You can view reports from the FortiAnalyzer web-based manager.
To view the report
1 Go to Report > Browse.
2 Select the IPs_and_services report from the list.
The report name will be followed by a date and an assigned number, for example,
IPs_and_services-2006-05-01-1001.
Understanding each section of the report
The report will display information in tables and graphs, for example, as shown in
Figure 2 and Figure 3.
Figure 2: Table in the IPs and services report
Figure 3: Graph in the IPs and services report
Table 2 gives information about each section of the IPs and services report.
Table 2: Sections of the IPs and services report
Traffic by Top Services and Direction: This section displays the direction of
traffic for the most popular services. The direction can be internal, external,
outgoing or incoming. Network administrators can find the percentage of network
capacity used for each service and determine the need for a network upgrade.
Traffic by Top Sources and Top Services: This section displays the services used
by the most active users (sources) of the network. The total volume of traffic
generated by each user is broken down by service, such as http, pop3 or dns.
Network administrators can find the most popular services and determine the
market for new services, or for the expansion of existing ones.
Traffic by Top Destinations and Top Services: This section displays the most
visited web sites and the services accessed through those web sites. Network
administrators can determine what the bulk of network traffic is used for.
Terminal Traffic by Date and Service: This section displays the traffic used by
each service, for every day of the week. Network administrators can use this
information to locate peaks in network traffic, and to identify the services that
take up the bulk of network capacity. They can further use this information to
correlate network traffic with network performance indicators from other sources
to see if the volume of traffic affects performance.
Finding the most visited web sites
This section describes how to determine the most visited web sites in the last month.
The situation
The marketing department of your company publishes a monthly newsletter, and
wants to include a section on the surfing habits and interests of network users.
They have asked you to send them a monthly report by email, showing the most
visited web sites by network users.
Configuring the report profile
Configuring the report profile includes the following steps:
Creating a new report profile
Setting the devices
Setting the report scope
Setting the report type
Setting the report format
Setting the report schedule
Setting the report output
Saving the report
Creating a new report profile
Create a new report profile.
To create a new report profile
1 Go to Report > Config.
2 Select Create New.
3 Enter hottest_website in the Report Name field.
The report name cannot include spaces.
4 Enter a report title of Hottest web sites last month.
5 Enter a description of This report shows the most visited web sites last month.
Setting the devices
Select the FortiGate unit. The FortiAnalyzer unit will examine the logs from this
unit.
To set the devices
1 Select the blue arrow for Devices to expand the options.
2 Select the FortiGate unit from the list.
Setting the report scope
Select the time period the report encompasses.
To set the report scope
1 Select the blue arrow for Report Scope to expand the options.
2 Select the blue arrow for Time Period to expand the options.
3 Select Last Month for Time Period.
Setting the report type
Specify the type of information the report will collect from the logs.
To set the report type
1 Select the blue arrow for Report Type(s) to expand the options.
2 Select Custom.
3 Clear all the boxes in the list of report types.
4 Select the blue arrow for WebFilter Activity to expand the options.
5 Select the following report types:
Top Categories by Hits
Top Client Requests to Permitted Categories
6 Select the blue arrow for Web Activity to expand the options.
7 Select the following report types:
Top Web Sites (Connections)
Top Web Sites (Traffic)
Setting the report format
Configure how the report displays information. Enable IP addresses to display as
host names so you can identify web sites visited by the users.
To set the report format
1 Select the blue arrow next to Report Format to expand the options.
2 Select For all devices from the Report Results list.
3 Select Resolve Host Names to display host names by name, not IP address.
Setting the report schedule
Configure the schedule so that the report runs automatically every month.
To set the schedule
1 Select the blue arrow for Schedule to expand the options.
2 Select These Dates.
3 Enter 28 to run the report on the 28th of every month.
4 Select a time of 18 to run the report at 6 p.m.
Setting the report output
Select the format and destination for the report. The FortiAnalyzer unit will email
this report as a PDF to the marketing department.
To set the output
1 Select the blue arrow for Output to expand the options.
2 Select PDF for Email output.
3 Select Customize subject.
4 Enter the subject for the email.
When Customize subject is not selected, the subject of the email will be the name
of the report.
5 Enter the email addresses of the marketing department staff in the Email list.
6 Select Add.
Saving the report profile
The report profile is now configured to provide the information required.
To save the report profile, select OK.
The FortiAnalyzer unit saves the report profile on its hard drive.
Using the report profile
Once the FortiAnalyzer unit has generated and saved the report, it is available for
viewing. Reports stay in a catalog on the FortiAnalyzer hard drive. You can run
the report again to retrieve updated information.
Using the report includes the following steps:
Running the report
Viewing the report
Understanding each section of the report
Running the report profile
Running the report profile will generate all the information specified by the report
scope and type.
To run the report
1 Go to Report > Config.
2 Select Go for the hottest_website report.
The FortiAnalyzer unit will generate the report and send a PDF to the manager by
email.
Note: The mail server must be configured for the FortiAnalyzer to send reports by email. To
configure the mail server, see Configuring the mail server on page 11.
Viewing the report
You can view reports from the FortiAnalyzer web-based manager.
To view the report
1 Go to Report > Browse.
2 Select the hottest_website report from the list.
The report name will be followed by a date and an assigned number, for example,
hottest_website-2006-05-01-1001.
Understanding each section of the report
The report will display information in tables and graphs, for example, as shown in
Figure 4 and Figure 5.
Figure 4: Table in the most visited web site report
Figure 5: Graph in the most visited web site report
Table 3 gives information about each section of the hottest web site report.
Table 3: Sections of the most visited web site report
Top Categories by Hits: This section displays the number of times web sites in
each category were accessed by users on the network. The most popular categories
show the surfing habits and interests of users.
Top Client Requests to Permitted Categories: This section displays the most
active users on the network and the number of times those users accessed web
sites in each category.
Top Web Sites (Connections): This section displays the top web sites rated by the
number of hits they received. This is one of the methods of rating the popularity
of a web site.
Top Web Sites (Traffic): This section displays the top web sites rated by the
volume of content users downloaded. This is one of the methods of rating the
popularity of the content on a web site. A web site accessed often but with low
traffic may not be popular since users are not staying to access its content.
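The difference between the Top Web Sites (Connections) and Top Web Sites (Traffic) rankings can be reproduced on raw records. The following Python code is an added example, not part of the Fortinet technical note and not FortiAnalyzer code; the key=value log lines and the field names hostname, sent and rcvd are constructed for illustration and are assumptions, not the FortiGate log schema.

```python
import shlex
from collections import Counter

# Constructed sample records (illustrative only). The key=value layout and
# the field names hostname/sent/rcvd are assumptions for this example, not
# the FortiGate log schema. The last two lines are deliberately malformed.
SAMPLE_LOGS = """\
src=10.0.0.11 hostname=search.example.com sent=300 rcvd=1200
src=10.0.0.12 hostname=search.example.com sent=280 rcvd=1100
src=10.0.0.11 hostname=search.example.com sent=310 rcvd=900
src=10.0.0.13 hostname=search.example.com sent=290 rcvd=1000
src=10.0.0.12 hostname=video.example.net sent=500 rcvd=950000
src=10.0.0.13 hostname=news.example.com sent=400 rcvd=42000
src=10.0.0.11 hostname=news.example.com sent=410 rcvd=39000
src=10.0.0.14 hostname=NEWS.example.com sent=390 rcvd=40000
src=10.0.0.14 hostname=docs.example.org sent=abc rcvd=10
src=10.0.0.15 hostname
"""


def parse_line(line):
    """Split one key=value line into a dict; return None if it is malformed."""
    try:
        tokens = shlex.split(line)  # honours quoted values containing spaces
    except ValueError:              # unbalanced quote
        return None
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if not sep:
            return None
        fields[key] = value
    return fields


def rank(counter, top_n):
    """Top-N (site, value) pairs, highest first; ties broken by site name."""
    return sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]


def top_sites(log_text, top_n=6):
    """Return (by_connections, by_traffic, skipped_lines).

    top_n defaults to 6, the default number of items the note gives for
    report tables and graphs.
    """
    connections, traffic, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        try:
            host = record["hostname"].lower()  # host names are case-insensitive
            volume = int(record["sent"]) + int(record["rcvd"])
        except (TypeError, KeyError, ValueError):
            skipped += 1                       # count bad lines, do not guess
            continue
        connections[host] += 1
        traffic[host] += volume
    return rank(connections, top_n), rank(traffic, top_n), skipped


def busy_but_light(log_text, top_n=6):
    """Sites in the top N by connections that miss the top N by traffic."""
    by_conn, by_traffic, _ = top_sites(log_text, top_n)
    heavy = {host for host, _ in by_traffic}
    return [host for host, _ in by_conn if host not in heavy]


if __name__ == "__main__":
    by_conn, by_traffic, skipped = top_sites(SAMPLE_LOGS, top_n=2)
    print("Top by connections:", by_conn)
    print("Top by traffic:    ", by_traffic)
    print("Often hit, little content read:", busy_but_light(SAMPLE_LOGS, 2))
    print("Skipped malformed lines:", skipped)
```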
Finding the top email users
This section describes how to configure a report about the top email users on a network.
Configuring the report profile
Configuring a report includes the following steps:
Creating a new report profile
Setting the devices
Setting the report scope
Setting the report type
Setting the report format
Setting the report schedule
Setting the report output
Saving the report profile
Creating a new report profile
Create a new report profile.
To create a new report profile
1 Go to Report > Config.
2 Select Create New.
3 Enter Mail_users in the Report Name field.
The report name cannot include spaces.
4 Enter a report title of Top mail users.
5 Enter a description of This report displays the top email users on the network for
the past month.
Setting the devices
Select the FortiGate unit to examine. The FortiAnalyzer unit will examine the logs
from this unit.
To set the devices
1 Select the blue arrow for Devices to expand the options.
2 Select the FortiGate unit from the list.
Setting the report scope
Select the time period the report encompasses.
To set the report scope
1 Select the blue arrow for Report Scope to expand the options.
2 Select the blue arrow for Time Period to expand the options.
3 Select Last 2 Weeks from the list.
Setting the report type
You will now specify the type of information the report will collect from the logs.
For this report, you need information about the email use on the network. You can
narrow the report to the relevant information in the MailFilter Activity and the Mail
Activity lists in the Report Type(s) section.
To set the report type
1 Select the blue arrow for Report Type(s) to expand the options.
2 Select Custom.
3 Clear all the report types.
4 Select the blue arrow for MailFilter Activity to expand the options.
5 Select the following report types:
Top Mail Senders
Top Mail Receivers
6 Select the blue arrow for Mail Activity to expand the options.
7 Select the following report types:
Top Mail Clients (Connections)
Top Mail Clients (Traffic)
Setting the report format
Configure how the report displays information. Enable IP addresses to display as
host names so you can identify web sites visited by the users.
To set the report format
1 Select the blue arrow for Report Format to expand the options.
2 Select For all devices from the Report Results.
By default, there are six items in tables and graphs in the report. For example, in
the Top Mail Senders table, the top six senders will be shown. The default number
can be changed in the Advanced section of the Report Format page. For this
report, you will need the top five email users.
To set the number of items in lists
1 Select the blue arrow next to Advanced to expand the options.
2 Enter 5 for the values for the first variable (1..12).
Setting the report schedule
Select the schedule so that the report runs automatically every week.
To set the schedule
1 Select the blue arrow for Schedule to expand the options.
2 Select These Days.
3 Select Sun.
4 Select a time of 18 to run the report at 6 p.m.
Setting the report output
Select the format and destination for the report. The FortiAnalyzer will email this
report as a PDF to the manager who requested it.
To set the output
1 Select the blue arrow for Output to expand the options.
2 Select PDF for Email output.
3 Select Customize subject.
4 Enter the subject for the email.
When Customize subject is not selected, the subject of the email will be the name
of the report.
5 Enter the email addresses of the managers in the Email list.
6 Select Add.
Saving the report profile
The report profile is now configured to provide the information required.
To save the report profile, select OK.
The FortiAnalyzer unit saves the report profile on its hard drive.
Using the report profile
Once the FortiAnalyzer unit has generated and saved the report, it is available for
viewing. Reports stay in a catalog, and you can run the report again to retrieve
updated information.
Using the report includes the following steps:
Running the report
Viewing the report
Understanding each section of the report
Running the report profile
Running the report profile will generate all the information specified by the report
scope and type.
To run the report
1 Go to Report > Config.
2 Select Go for the Mail_users report.
Note: The mail server must be configured for the FortiAnalyzer to send reports by email. To
configure the mail server, see Configuring the mail server on page 11.
The FortiAnalyzer unit will generate the report and send a PDF to the manager by
email.
Viewing the report
You can view reports from the FortiAnalyzer web-based manager.
To view the report
1 Go to Report > Browse.
2 Select the Mail_users report from the list.
The report name will be followed by a date and an assigned number, for example,
Mail_users-2006-05-01-1001.
Understanding each section of the report
The report will display information in tables and graphs, for example, as shown in
Figure 6 and Figure 7.
Figure 6: Table in the mail users report
Figure 7: Graph in the mail users report
Table 4 gives information about each section of the report.
Table 4: Sections of the mail users report
Top Mail Senders: This section displays the email addresses of users that sent
the most emails to users on the network.
Top Mail Receivers: This section displays the email addresses of users that
received the most mail on the network.
Top Mail Clients (Connections): This section displays the IP addresses or host
names of the mail clients that received the most hits on the network.
Top Mail Clients (Traffic): This section displays the IP addresses or host names
of the mail clients that received the highest volume of email on the network.
Logging access to blocked content
This section describes how to configure a report about users who attempted to
surf to blocked web sites last month.
The situation
The network managers need a report to assess the effectiveness of the web filter
used by the network and the surfing trends of network users. They have asked
you to send them a weekly report on the number of attempts to access blocked
content.
Configuring the report profile
Configuring a report profile includes the following steps:
Creating a new report profile
Setting the devices
Setting the report scope
Setting the report type
Setting the report format
Setting the report schedule
Setting the report output
Saving the report profile
Creating a new report profile
Create a new report profile.
To create a new report profile
1 Go to Report > Config.
2 Select Create New.
3 Enter Blocked_content in the Report Name field.
The report name cannot include spaces.
4 Enter a report title of Accessing blocked content.
5 Enter a description of This report displays users who attempted to access
blocked content on the web every week.
Setting the devices
Select the FortiGate unit to examine. The FortiAnalyzer unit will examine the logs
from this unit.
To set the devices
1 Select the blue arrow for Devices to expand the options.
2 Select the FortiGate unit from the list.
Setting the report scope
Select the time period the report encompasses, and the data filters. For this
report, you need specific information about a user during a two week period. You
can narrow the report to only the requested user with the Data Filter.
To set the report scope
1 Select the blue arrow for Report Scope to expand the options.
2 Select the blue arrow for Time Period to expand the options.
3 Select Last 7 Days from the list.
Setting the report type
Specify the type of information the report will collect from the logs. For this report,
you need information about users whose web activity was blocked. You can
narrow the report to the relevant information in the WebFilter Activity list in the
Report Type(s) section.
To set the report type
1 Select the blue arrow for Report Type(s) to expand the options.
2 Select Custom.
3 Clear all the report types.
4 Select the blue arrow for WebFilter Activity to expand the options.
5 Select the following report types:
Top Client Attempts at Blocked Web Sites
Total WebFilter Events by Status
WebFilter Events by Top Sources and Status
Top Blocked Users
Top Blocked Sites
Top Client Attempts to Blocked Categories
Setting the report format
Configure how the report displays information. Enable IP addresses to display as
host names so you can identify web sites visited by the users.
To set the report format
1 Select the blue arrow for Report Format to expand the options.
2 Select For all devices from the Report Results.
3 Select Resolve Host Names to display web site addresses rather than IP addresses.
Setting the report schedule
Configure the schedule so that the report runs automatically every week.
To set the schedule
1 Select the blue arrow for Schedule to expand the options.
2 Select These Days.
3 Select Sun.
4 Select a time of 18 to run the report at 6 p.m.
Setting the report output
Select the format and destination for the report. The FortiAnalyzer unit will email
this report as a PDF to the network managers who requested it.
To set the output
1 Select the blue arrow for Output to expand the options.
2 Select PDF for Email output.
3 Select Customize subject.
4 Enter the subject for the email.
When Customize subject is not selected, the subject of the email will be the name
of the report.
5 Enter the email addresses of the network managers in the Email list.
6 Select Add.
Saving the report profile
The report profile is now configured to provide the information required.
To save the report profile, select OK.
The FortiAnalyzer unit saves the report profile on its hard drive.
Using the report profile
Once the FortiAnalyzer unit has generated and saved the report, it is available for
viewing. Reports stay in a catalog on the FortiAnalyzer hard drive. You can run
the report again to retrieve updated information.
Using the report includes the following steps:
Running the report
Viewing the report
Understanding each section of the report
Running the report profile
Running the report profile will generate all the information specified by the report
scope and type.
Note: The mail server must be configured for the FortiAnalyzer to send reports by email. To
configure the mail server, see Configuring the mail server on page 11.
To run the report
1 Go to Report > Config.
2 Select Go for the Blocked_content report.
The FortiAnalyzer unit will generate the report and send a PDF to the manager by
email.
Viewing the report
You can view reports from the FortiAnalyzer web-based manager.
To view the report
1 Go to Report > Browse.
2 Select the Blocked_content report from the list.
The report name will be followed by a date and an assigned number, for example,
Blocked_content-2006-05-01-1001.
Understanding each section of the report
The report will display information in tables and graphs, for example, as shown in
Figure 8 and Figure 9.
Figure 8: Tables in the blocked content report
Figure 9: Graphs in the blocked content report
Table 5 gives information about each section of the report.
Table 5: Sections of the blocked content report
Top Client Attempts to Blocked Web Sites: This section displays the number of
attempts to access blocked web sites for users who made the highest number of
attempts.
WebFilter Events by Top Sources and Status: This section displays the amount of
traffic blocked by and allowed through the FortiGate unit, rated by the top users
on the network.
Top Client Attempts at Blocked Categories: This section displays the top clients
that attempted to access blocked content rated by the number of attempts.
Total WebFilter Events by Status: This section displays the amount of traffic
blocked by and allowed through the FortiGate unit.
Top Blocked Users: This section displays the top blocked users rated by the
number of blocked attempts at accessing content.
Top Blocked Sites: This section displays the top blocked sites rated by the
number of blocked attempts at accessing them.