Custom FortiAnalyzer Reports

**FortinetGURU** · 09-10-2016, 11:13 AM

I am half tempted to make a section where you can download custom FortiAnalyzer reports. Would that be something of interest for surfers here?

**thewaking** · 09-22-2016, 12:34 PM

Yessssss!!

**FortinetGURU** · 09-22-2016, 04:04 PM

Sweet. I'm trying to line some up so I can share the wealth :-)

**AUFWGURU** · 09-28-2016, 10:42 PM

I have a FortiAnalyzer, but lack the the desire to learn how to build/get reports with it.. Though I do enjoy the active logs and filtering the logs.. I wish I would export those to a usable report...

**FortinetGURU** · 09-29-2016, 04:08 PM

Yeah. Play with it. I know it is hard to get motivated for but it definitely helps in the long run when you are looking for some deep facts.

**cgauss** · 02-08-2017, 11:28 PM

It would be awesome to be able to download some customs. The report writer isn't too impressive. There is a ton of data but no real easy way to get access to it.

I thought about dumping it to mySQL and using Crystal to write some reports against it. I see that they have deprecated any sort of SQL support in the latest versions though.

Did play around with a couple customs. Tried to come up with a change management report. Some sort of log of failed admin logins and some sort of successful admin login and logoffs. Always ran into issues when it came to sorting the records.

**FortinetGURU** · 02-09-2017, 09:21 AM

Yeah, I'm working on a page that will be loaded down with various custom reports. I'm not the strongest at SQL etc so it is taking me some time but it should be pretty cool :-)

**cgauss** · 02-09-2017, 09:37 AM

I had to laugh... my SE came up and gave me the dog and pony show regarding the Analyzer before we purchased it. He said he was told that you would not need to know SQL in order to do customs. Then he played with it and asked how to do custom reports. They told him datasets. He said.... isnt that f*$kin SQL?

**FortinetGURU** · 02-09-2017, 09:52 AM

ABSOLUTELY haha. You can do basic scutt with the datasets they already have without knowing SQL. But if they don't provide the information you need already you are going to have to get down to the nitty gritty of it all.

**cgauss** · 02-14-2017, 09:28 AM

Since I live in a world of auditors and examiners, the financial realm, I try to provide tabular reports. I just can't figure out sorting on the Analyzer.

Here are a couple custom datasets I was playing with:

Failed admin logins
select devid, from_dtime(dtime) as timestamp, srcip, ui, method, `user` as f_user, reason, msg, status from $log where $filter and status = 'failed'

Admin login logout
select devid, from_dtime(dtime) as timestamp, srcip, ui, method, `user` as f_user, reason, msg, status, action from $log where $filter and ((action = 'login' or action = 'logout' ) and status = 'success')

Changes
select from_dtime(dtime) as timestamp, `user`, ui, action, msg, logdesc, cfgpath, cfgobj, cfgattr, devid from $log where $filter and (action = 'Add' or action = 'Edit' or action = 'Delete')

Thread: Custom FortiAnalyzer Reports

Thread Tools

Search Thread

Display

Hybrid View

Custom FortiAnalyzer Reports

Posting Permissions