Reliable webfilter statistics
Introduction
FortiOS 6.2.0 provides command line tools to view the webfilter statistics report. These command line tools currently fall into either proxy-based or flow-based webfilter statistics commands.
Proxy-based webfilter statistics report
l The proxy-based webfilter statistics command line tools are as follows. These commands are available in both global or per-VDOM command lines.
#diagnose wad filter <—-define the interested objects for output (global) # diag wad ? console-log Send WAD log messages to the console. debug Debug setting. stats Show statistics.
filter Filter for listing sessions or tunnels. <—-use filter to filter-out interested object and output kxp SSL KXP diagnostics. user User diagnostics. memory WAD memory diagnostics.
restore Restore configuration defaults. history Statistics history. session Session diagnostics. tunnel Tunnel diagnostics. webcache Web cache statistics. worker Worker diagnostics. csvc Cache service diagnostics.
#diagnose wad stat filter list/clear <—-list/clear WebFiltering/DLP statistics report l In the example below, there are two VDOMs using proxy-based policies which have webfilter profiles enabled. The command line can be used to view the proxy-based webfilter statistics report.
(global) # diag wad filter ? list Display current filter. clear Erase current filter settings. src Source address range to filter by. dst Destination address range to filter by.
sport Source port range to filter by. dport Destination port range to filter by. vd Virtual Domain Name. <—-filter for per-vdom or global statistics report explicit-policy Index of explicit-policy. -1 matches all. firewall-policy Index of firewall-policy. -1 matches all. drop-unknown-session Enable drop message unknown sessions. negate Negate the specified filter parameter. protocol Select protocols to filter by.
FGT_600D-ICAP-NAT (global) # diag wad filter vd <vdom> Virtual Domain Name. ALL all vdoms root vdom vdom1 vdom
FGT_600D-ICAP-NAT (global) # diag wad filter vd root <—-filter-out root vdom statistics
Drop_unknown_session is enabled.
FGT_600D-ICAP-NAT (global) # diag wad stats filter list filtering of vdom root <—-Displayed the WF statistics for root vdom
dlp = 0 <—-Number of Reuqest that DLP Sensor processed;
content-type = 0 <—-Number of Reuqest that matching content-type filter;
| urls: | |
| examined = 6 examined; | <—-Number of Request that Proxy Web-Filter(all wad daemons) |
| allowed = 3 | <—-Number of Request that be allowed in the examined requests; |
| blocked = 0 | <—-Number of Request that be blocked in the examined requests; |
| logged = 0 | <—-Number of Request that be logged in the examined requests; |
overridden = 0 <—-Number of Request that be overrided to another webfilter
profile in the examined requests;
FGT_600D-ICAP-NAT (global) # diag wad filter vd vdom1 <—-filter-out vdom1 statistics
FGT_600D-ICAP-NAT (global) # diag wad stats filter list filtering of vdom vdom1 <—-Displayed the WF statistics for vdom1 dlp = 0 content-type = 0 urls:
examined = 13 allowed = 2 blocked = 9 logged = 8 overridden = 0 FGT_600D-ICAP-NAT (global) # diag wad filter vd ALL
FGT_600D-ICAP-NAT (global) # diag wad stats filter list
filtering of all accessible vdoms <—-global statistics is sum of two VDOMs dlp = 0 content-type = 0 urls:
examined = 19 allowed = 5 blocked = 9 logged = 8 overridden = 0
Flow-based webfilter statistics report
- The flow-based webfilter statistics command line tools are as follows. These commands are available in global command lines only.
(global) # diag test app ipsmonitor IPS Engine Test Usage:
| 1: Display IPS engine information
2: Toggle IPS engine enable/disable status 3: Display restart log 4: Clear restart log 5: Toggle bypass status 6: Submit attack characteristics now 10: IPS queue length 11: Clear IPS queue length 12: IPS L7 socket statistics 13: IPS session list 14: IPS NTurbo statistics 15: IPSA statistics 18: Display session info cache 19: Clear session info cache 21: Reload FSA malicious URL database 22: Reload whitelist URL database 24: Display Flow AV statistics 25: Reset Flow AV statistics 27: Display Flow urlfilter statistics 28: Reset Flow urlfilter statistics |
|
| 29: Display global Flow urlfilter statistics Statistics | <—-List the Flow Web Filtering |
| 30: Reset global Flow urlfilter statistics
Statistics 96: Toggle IPS engines watchdog timer 97: Start all IPS engines 98: Stop all IPS engines 99: Restart all IPS engines and monitor |
<—-Reset the Flow Web Filtering |
- In the example below, there are two VDOMs using flow-based policies which have webfilter profiles enabled. The command line can be used to view the flow-based webfilter statistics report.
(global) # diag test app ipsmonitor 29 Global URLF states: request: 14 <—-Number of Requests that Flow Web-Filter(all ips engines) received; response: 14 <—-Number of Response that Flow Web-Filter(all ips engines) sent; pending: 0 <—-Number of Requests that under processing at that moment; request error: 0 <—-Number of Request that have error; response timeout: 0 <—-Number of response that ips engine not been received in-
time;
blocked: 12 <—-Number of Request that Flow Web-Filter blocked; allowed: 2 <—-Number of Request that Flow Web-Filter allowed;
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!