FortiAnalyzer units can analyze information collected from the log files of managed log devices. It then presents the information in tabular and graphical reports that provide a quick and detailed analysis of activity on your networks.
To reduce the number of reports needed, reports are independent from devices, and contain layout information in the form of a report template. The devices, and any other required information, can be added as parameters to the report at the time of report generation.
The Reports tab allows you to configure reports using the predefined report templates, configure report schedules, view report history and the report calendar, and configure and view charts, macros, datasets, and output profiles.
If ADOMs are enabled, each ADOM will have its own report settings including chart library, macro library, dataset library, and output profiles.
FortiCache, FortiMail and FortiWeb reports are available when ADOMs are enabled. Reports for these devices are configured within their respective default ADOM. These devices also have device specific charts and datasets.
This chapter contains the following sections:
- Report layouts
- Chart library
- Macro library
- Report calendar
FortiAnalyzer includes preconfigured reports and report templates for FortiGate, FortiMail, and FortiWeb log devices. These report templates can be used as is, or you can clone and edit the templates. You can also create new reports and report templates that can be customized to your requirements. For a list of preconfigured reports see “Report Templates” on page 207.
Predefined report templates are identified by a blue report icon, , and custom report templates are identified by a green report icon, . When a schedule has been enabled, the schedule icon, , will appear to the left of the report template name.
In the Reports tab, go to Reports > [report] to view and configure the report configuration, advanced settings, and layout, and to view completed reports. The currently running reports and completed reports are shown in the View Report tab, see “View report tab” on page 173.
Figure 118:Report page
Right-clicking on a template in the tree menu opens a pop-up menu with the following options:
|Create New||Create a new report. See “To create a new report:” on page 167.
Custom report templates are identified by the custom report icon, , beside the report name. Predefined report templates are identified by the predefined report icon, .
Rename Rename a report.
|Clone||Clone the selected report. See “To clone a report:” on page 167.|
|Delete||Delete the report. The default reports cannot be deleted. See “To delete a report:” on page 167.|
|Import||Import a report. See “Import and export” on page 167.|
Export Export a report. See “Import and export” on page 167.
|Create New||Create a new report folder. See “To create a new report folder:” on page 168.|
Rename Rename a report folder. See “To rename a report folder:” on page 168.
Delete Delete a report folder. Any report templates in the folder will be deleted. See “To delete a report folder:” on page 168.
Reports and report templates can be created, edited, cloned, and deleted. You can also import and export report templates. New content can be added to and organized on a template, including: new sections, three levels of headings, text boxes, images, charts, and line and page breaks.
To create a new report:
- In the Reports tab, right-click on Reports in the tree menu.
- Under the Report heading, select Create New.
The Create New Report dialog box opens.
- Enter a name for the new report and select OK.
- Configure report settings in the Configuration tab. The configuration tab includes time period, device selection, report type, schedule, and notifications.
- Select the Report layouts to configure the report template.
- Select the Advanced settings tab to configure report filters and other advanced settings.
- Select Apply to save the report template.
To clone a report:
- Right-click on the report you would like to clone in the tree menu and select Clone.
The Clone Report Template dialog box opens.
- Enter a name for the new template, then select OK.
A new template with the same information as the original template is created with the given name. You can then modify the cloned report as required.
To delete a report:
- Right-click on the report template that you would like to delete in the tree menu, and select Delete under the Report
- In the confirmation dialog box, select OK to delete the report template.
Import and export
Report templates can be imported from and exported to the management computer.
To import a report template:
- Right-click on Reports, and select Import.
The Import Report Template dialog box opens.
- Select Browse, locate the report template (.dat) file on your management computer, and select OK.
The report template will be loaded into the FortiAnalyzer unit.
To export a report template:
- Right-click on the report you would like to export in the tree menu and select Export.
- If a dialog box opens, select to save the file (.dat) to your management computer, and select OK.
The report template can now be imported to another FortiAnalyzer device.
Report folders can be used to help organize your reports.
To create a new report folder:
- In the Reports tab, right-click on Reports in the tree menu.
- Under the Folder heading, select Create New.
- In the Create New Folder dialog box, enter a name for the folder, and select OK.
A new folder is created with the given name.
To rename a report folder:
- Right-click on the report folder that you need to rename in the tree menu.
- Under the Folder heading, select Rename.
- In the Rename Folder dialog box, enter a new name for the folder, and select OK.
To delete a report folder:
- Right-click on the report folder that you would like to delete in the tree menu, and select Delete under the Folder
- In the confirmation dialog box, select OK to delete the report folder.
In FortiAnalyzer v5.2.0 and later, the Reports tab layout has changed. When creating a new report, the Configuration tab is the first tab that is displayed. In this tab you can configure the time period, select devices, enable schedules, and enable notification.
Report schedules provide a way to schedule an hourly, daily, weekly, or monthly report so that the report will be generated at a specific time. You can also manually run a report schedule at any time, and enable or disable report schedules. Report schedules can also be edited and disabled from the Report Calendar. See “Report calendar” on page 198 for more information.
Figure 119:Configuration tab
The following settings are available in the Configuration tab:
|Time Period||The time period that the report will cover. Select a time period, or select Other to manually specify the start and end date and time.|
|Devices||The devices that the report will include. Select either All Devices or Specify to add specific devices. Select the add icon, , to select devices.|
|User or IP||Enter the user name or the IP address of the user on whom the report will be based.
This field is only available for the three predefined report templates in the Detailed User Report folder.
|Type||Select either Single Report (Group Report) or Multiple Reports (Per-Device).
This option is only available if multiple devices are selected.
|Enable Schedule||Select to enable report template schedules.|
|Select when the report is generated.
Enter a number for the frequency of the report based on the time period selected from the drop-down list.
|Starts On||Enter a starting date and time for the file generation.|
|Ends||Enter an ending date and time for the file generation, or set it for never ending.|
|Enable Notification||Select to enable report notification.|
|Output Profile||Select the output profile from the drop-down list, or select Create New, , to create a new output profile. See “Output profile” on page 203.|
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos