Managing reports

You can manage reports by going to Reports > Report Definitions > All Reports. Some options are available as buttons on the toolbar. Some options are available in the right-click menu. Right-click a report to display the menu.

Option	Description
Create New	Creates a new report. You can choose whether to base the new report on a report template.
Edit	Edits the selected report.
Delete	Deletes the selected report.
Clone	Clones the selected report.
Run report	Generates a report.
Folder	Organizes reports into folders.
Import	Imports a report from a management computer.
Export	Exports a report to a management computer.
Show Scheduled Only	Filters the list to include only reports that have been run or are scheduled to be run.

Organizing reports into folders

You can create folders to organize reports.

To organize reports into folders:

1. If using ADOMs, ensure that you are in the correct ADOM.
2. Go to Reports > Report Definitions > All Reports.
3. Click Folder in the toolbar, and select Create New Folder.
4. Specify the folder name and location and click OK. The folder is now displayed in the report list.

You can now create, clone, or import reports into this folder.

Importing and exporting reports

You can transport a report between FortiAnalyzer units. You can export a report from the FortiAnalyzer unit to the management computer. The report is saved as a .dat file on the management computer. You can then import the report file to another FortiAnalyzer unit.

To export reports:

1. If using ADOMs, ensure that you are in the correct ADOM.
2. Go to Reports > Report Definitions > All Reports.
3. In the content pane, select a report, and select More > Export in the toolbar to save the file to the management computer.

To import reports:

1. If using ADOMs, ensure that you are in the correct ADOM.
2. Go to Reports > Report Definitions > All Reports.
3. In the content pane, click More > Import in the toolbar. The Import Report dialog box opens.
4. Drag and drop the report file onto the dialog box, or click Browse and locate the file to be imported on your local computer.
5. Select a folder to save the report to from the dropdown list.
6. Click OK to import the report.

Report template library

Because the cut, copy, and paste functions need access to the clipboard of your operating system, some Internet browsers either block it when called from the layout editor toolbar, or ask you to explicitly agree to it. If you’re blocked from accessing the clipboard by clicking the respective cut, copy and paste buttons from the toolbar or context menu, you can always use keyboard shortcuts.

A report template defines the charts and macros that are in the report, as well as the layout of the content.

You can use the following items to create a report template:

• Text l Images l Tables
• Charts that reference datasets l Macros that reference datasets

Datasets for charts and macros specify what data are used from the Analytics logs when you generate the report. You can also create custom charts and macros for use in report templates.

Creating report templates

You can create a report template by saving a report as a template or by creating a totally new template.

To create a report template:

1. If using ADOMs, ensure that you are in the correct ADOM.
2. Go to the Reports > Report Definitions> Templates.
3. In the toolbar of the content pane, click Create New.
4. Set the following options:
   3. If you are in a Security Fabric ADOM, the Category must be SecurityFabric. d. Language.
5. Use the toolbar to insert and format text and graphics for the template. In particular, use the Insert Chart and Insert Macro buttons to insert charts and macros into the template.

For a description of the fields, see Reports Layout tab on page 120. For information about creating charts and macros, see Creating charts on page 130 and Creating macros on page 134.

6. Click OK.

The new template is now displayed on the template list.

To create a report template by saving a report:

1. If using ADOMs, ensure that you are in the correct ADOM.
2. Go to Reports > Report Definitions > All Reports.
3. In the content pane, select the report from the list, and click Edit in the toolbar.
4. In the Layout tab, click the Save As Template button in the toolbar.
5. In the Save as Template dialog box, set the following options, and click OK:
   3. If you are in a Security Fabric ADOM, the Category must be SecurityFabric.

The new template is now displayed on the template list.

Viewing sample reports for predefined report templates

You can view sample reports for predefined report templates to help you visualize how the reports would look.

To view sample reports:

1. If using ADOMs, ensure that you are in the correct ADOM.
2. Go to the Reports > Report Definitions > Templates.
3. In the content pane, click the HTML or PDF link in the Preview column of a template to view a sample report based on the template.

Managing report templates

You can manage report templates in Reports > Report Definitions> Templates. Some options are available as buttons on the toolbar. Some options are available in the right-click menu. Right-click a template to display the menu.

Option	Description
Create New	Creates a new report template
Edit	Edits a report template. You can edit report templates that you created. You cannot edit predefined report templates.
View	Displays the settings for the predefined report template. You can copy elements from the report template to the clipboard, but you cannot edit a predefined report template.
Delete	Deletes the selected report template. You cannot delete predefined report templates.
Clone	Clones the selected report template.
Create Report	Creates the selected report template.
Install Template Pack	Upload and install a template pack.

List of report templates

FortiAnalyzer includes report templates you can use as is or build upon when you create a new report. FortiAnalyzer provide different templates for different devices.

You can find report templates in Reports > Report Definitions > Templates.

FortiGate report templates

Template – 360 Protection Report	Template – Security Events and Incidents Summary
Template – 360-Degree Security Review	Template – Self-Harm and Risk Indicators Report
Template – Admin and System Events Report	Template – Situation Awareness Report
Template – Application Risk and Control		Template – Social Media Usage Report
Template – Bandwidth and Applications Report		Template – Threat Report
Template – Client Reputation		Template – Top 20 Categories and Applications (Bandwidth)
Template – Cyber Threat Assessment		Template – Top 20 Categories and Applications (Session)
Template – Cyber-Bullying Indicators Report		Template – Top 20 Category and Websites (Bandwidth)
Template – DNS Report		Template – Top 20 Category and Websites (Session)
Template – Data Loss Prevention Detailed Report		Template – Top 500 Sessions by Bandwidth
Template – Detailed Application Usage and Risk		Template – Top Allowed and Blocked with Timestamps
Template – Email Report		Template – User Detailed Browsing Log
Template – FortiGate Performance Statistics Report		Template – User Security Analysis
Template – GTP Report		Template – User Top 500 Websites by Bandwidth
Template – High Bandwidth Application Usage Report		Template – User Top 500 Websites by Session
Template – Hourly Website Hits		Template – VPN Report
Template – IPS Report		Template – Web Usage Report
Template – PCI-DSS Compliance Review		Template – What is New Report
Template – SaaS Application Usage Report		Template – WiFi Network Summary
Template – Security Analysis		Template – Wireless PCI Compliance

FortiCache report templates

Template – FortiCache Default Report

Template – FortiCache Security Analysis

Template – FortiCache Web Usage Report

FortiClient report templates

Template – FortiClient Default Report

Template – FortiClient Vulnerability Scan Report

FortiDDoS report templates

Template – FortiDDoS Default Report

FortiMail report templates

Template – FortiMail Analysis Report

Template – FortiMail Default Report

FortiProxy report templates

Template – FortiProxy Default Report

Template – FortiProxy Security Analysis

Template – FortiProxy Web Usage Report

FortiSandbox report templates

Template – Endpoint Sandbox Detections Report

Template – FortiSandbox Default Report

FortiWeb report templates

Template – FortiWeb Default Report

Template – FortiWeb Web Application Analysis Report

Fabric report templates

Template – Fortinet Email Risk Assessment

Creating reports

You can create reports from report templates, by cloning and editing predefined/existing reports, or start from scratch.

Creating reports from report templates

You can create a new report from a template. The template populates the Layout tab of the report. The template specifies what text, charts, and macros to use in the report and the layout of the content. Report templates do not contain any data. Data is added to the report when you generate the report.

To create a new report from a template:

1. If using ADOMs, ensure that you are in the correct ADOM.
2. Go to Reports > Report Definitions > All Reports.
3. In the toolbar, click Create New. The Create Report dialog box opens.
4. In the Name box, type a name for the new report. The following characters are NOT supported in report names: \ / ” ‘ < > & , | # ? % $ +
5. Select From Template for the Create from setting, then select a template from the dropdown list. The template populates the Layout tab of the report.
6. Select the folder that the new report will be saved to from the dropdown list. See Organizing reports into folders on page 125 for information about folders.
7. Select OK to create the new report.
8. On the Settings tab, configure the settings as required. For a description of the fields, see Reports Settings tab on page 117.
9. Optionally, go to the Layout tab to customize the report layout and content. For a description of the fields, see Reports Layout tab on page 120.
10. Click Apply to save your changes.

Creating reports by cloning and editing

You can create reports by cloning and editing predefined and/or existing reports.

To create a report by cloning and editing:

1. If using ADOMs, ensure that you are in the correct ADOM.
2. Go to Reports > Report Definitions > All Reports.
3. In the content pane, select the report from the list, then click Clone in the toolbar.
4. In the Clone Report dialog box, type a name for the cloned report. The following characters are NOT supported in report names: \ / ” ‘ < > & , | # ? % $ +
5. Select the folder that the new report will be saved to from the dropdown list. See Organizing reports into folders on page 125 for information about folders.
6. Select OK to create the new report.
7. On the Settings tab, configure the settings as required. For a description of the fields, see Reports Settings tab on page 117.
8. Optionally, go to the Layout tab to customize the report layout and content. For a description of the fields, see Reports Layout tab on page 120.
9. Click Apply to save your changes.

Creating reports without using a template

To create a report without using a template:

1. If using ADOMs, ensure that you are in the correct ADOM.
2. Go to Reports > Report Definitions > All Reports.
3. In the toolbar, click Create New. The Create New Report dialog box opens.
4. In the Name box, type a name for the new report. The following characters are NOT supported in report names: \ / ” ‘ < > & , | # ? % $ +
5. Select the Blank option for the Create from
6. Select the folder that the new report will be saved to from the dropdown list. See Organizing reports into folders on page 125 for information about folders.
7. Select OK to create the new report.
8. On the Settings tab, you can specify a time period for the report, what device logs to include in the report, and so on. You can also add filters to the report, add a cover page to the report, and so on. For a description of the fields, see Reports Settings tab on page 117.
9. On the Layout tab, you can specify the charts and macros to include in the report, as well as report content and layout.

For a description of the fields, see Reports Layout tab on page 120.

For information about creating charts and macros, see Creating charts on page 130 and Creating macros on page 134.

10. Click Apply to save your changes.

Reports Settings tab

The following options are available in the Settings tab:

Field		Description
Time Period		The time period the report covers. Select a time period or select Custom to manually specify the start and end date and time.
Devices		The devices to include in the report. Select either All Devices or Specify to add specific devices. Select the add icon to select devices.
Type		Select either Single Report (Group Report) or Multiple Reports (Per-Device). This option is only available if multiple devices are selected.
Enable Schedule		Select to enable report template schedules.
Field			Description
Enable Auto-Cache			Select to assemble datasets before generating the report and as the data is available. This process uses system resources and is recommended only for reports that require days to assemble datasets. Disable this option for unused reports and for reports that require little time to assemble datasets.
Generate PDF Report Every			Select when the report is generated. Enter a number for the frequency of the report based on the time period selected from the dropdown list.
Start time			Enter a starting date and time for the file generation.
End time			Enter an ending date and time for the file generation, or set it to never ending.
Enable Notification			Select to enable report notification.
Output Profile			Select the output profile from the dropdown list, or click Create New to create a new output profile. See Output profiles on page 138.

Filters section of Reports Settings tab

See Filtering report output on page 124.

Advanced Settings section of Reports Settings tab

The following options are available in the Advanced Settings section of the Settings tab.

Field	Description
Language	Select the report language.
Bundle rest into “Others”	Select to bundle the uncategorized results into an Others category.
Print Orientation	Set the print orientation to portrait or landscape.
Chart Heading Level	Set the heading level for the chart heading.
Default Font	Set the default font.
Hide # Column	Select to hide the column numbers.
Layout Header	Enter header text and select the header image. Accept the default Fortinet image or click Browse to select a different image.
Layout Footer	Select either the default footer or click Custom to enter custom footer text in the text field.
Print Cover Page	Select to print the report cover page. Click Customize to customize the cover page. See Customizing report cover pages on page 119.
Print Table of Contents	Select to include a table of contents.
Field		Description
Print Device List		Select to print the device list. Select Compact, Count, or Detailed from the dropdown list.
Print Report Filters		Select to print the filters applied to the report.
Obfuscate User		Select to hide user information in the report.
Resolve Hostname		Select to resolve hostnames in the report.
Allow Save Maximum		Select a value between 1-10000 for the maximum number of reports to save.
Color Code		The color used to identify the report on the calendar. Select a color code from the dropdown list to apply to the report schedule. Color options include: Bold Blue, Blue, Turquoise, Green, Bold Green, Yellow, Orange, Red, Bold Red, Purple, and Gray.

Customizing report cover pages

A report cover page is only included in the report when enabled on the Settings tab in the Advanced Settings section.

When enabled, the cover page can be customized to contain the desired information and imagery.

To customize a report cover page:

1. If using ADOMs, ensure that you are in the correct ADOM.
2. Go to Reports > Report Definitions > All Reports.
3. In the content pane, select the report from the list, and click Edit in the toolbar.
4. Select the Settings tab and then click Advanced Settings.
5. Select the Print CoverPage checkbox, then click Customize next to the checkbox. The Edit CoverPage pane opens.
6. Configure the following settings:

Background Image	Click Browse to open the Choose an Image dialog box. Select an image or click Upload File to find an image on the management computer, then click OK to add the image as the background image of the cover page.
Top Image	Click Browse to open the Choose an Image dialog box. Select an image or click Upload File to find an image on the management computer, then click OK to add the image at the top of the cover page.
Top Image Position	Select the top image position from the dropdown menu. Select one of the following: Left, Center, Right.
Text Color	Select a text color from the dropdown list.
Show Creation Time	Select to print the report date on the cover page.
Show Data Range	Select to print the data range on the cover page.
Report Title	Accept the default title or type another title in the Report Title field.
Custom Text 1	If you want, enter custom text for the Custom Text 1 field.
Custom Text 2	If you want, enter custom text for the Custom Text 2 field.
Bottom Image	Click Browse to open the Choose an Image dialog box. Select an image or click Upload File to find an image on the management computer, then click OK to add the image to the bottom of the cover page.
Footer Left Text	If you want, enter custom text to be printed in the left footer of the cover page.
Footer Right Text	If you want, enter custom text to be printed in the right footer of the cover page.
Footer Background Color	Select the cover page footer background color from the dropdown list.
Reset to Default	Select to reset the cover page settings to their default settings.

7. Click OK to save the configurations and return to the Settings

Reports Layout tab

Because the cut, copy, and paste functions need access to the clipboard of your operating system, some Internet browsers either block it when called from the layout editor toolbar, or ask you to explicitly agree to it. If you’re blocked from accessing the clipboard by clicking the respective cut, copy and paste buttons from the toolbar or context menu, you can always use keyboard shortcuts.

The following options are available in the Layout tab (layout editor):

Field	Description
Insert Chart or Edit Chart	Click to insert a FortiAnalyzer chart. Charts are associated with datasets that extract data from logs for the report. In the Insert Chart or Chart Properties dialog box, you can specify a custom title, width, and filters for the chart. For information on setting filters, see Filtering report output on page 124. You can edit a chart by right clicking the chart in the layout editor and selecting Chart Properties or by clicking the chart to select it and then clicking Edit Chart.
Insert Macro	Click to insert a FortiAnalyzer macro. Macros are associated with datasets that extract data from logs for the report.
Image	Click the Image button in the toolbar to insert an image into the report layout. Right-click an existing image to edit image properties.
Table	Click the Table button in the toolbar to insert a table into the report layout. Rightclick an existing table to edit a cell, row, column, table properties, or delete the table.
Insert Horizontal Line	Click to insert a horizontal line.
Insert Page Break for Printing	Click to insert a page break for printing.
Link	Click the Link button in the toolbar to open the Link dialog box. You can select to insert a URL, a link to an anchor in the text, or an email address. Alternatively, use the CTRL+L keyboard shortcut to open the Link dialog box.
Anchor	Click the Anchor button in the toolbar to insert an anchor in the report layout.
Cut	To cut a text fragment, start with selecting it. When the text is selected, you can cut it using one of the following methods: l Click the cut button in the toolbar l Right-click and select cut in the menu l Use the CTRL+X shortcut on your keyboard.
Copy	To cut a text fragment, start with selecting it. When the text is selected, you can cut it using one of the following methods: l Click the cut button in the toolbar l Right-click and select cut in the menu l Use the CTRL+C shortcut on your keyboard.
Paste	To paste text, start with cutting or copying from another source. Depending on the security settings of your browser, you may either paste directly from the clipboard or use the Paste dialog box.
Paste as plain text	Click Paste as plain text to paste formatted text without the formatting. If the browser blocks the editor toolbar’s access to clipboard, a Paste as Plain Text dialog box appears and you can paste the fragment into the text box using the CTRL+V keyboard shortcut.

 

Field	Description
Paste from Word	You can preserve basic formatting when you paste a text fragment from Microsoft Word. To achieve this, copy the text in a Word document and paste it using one of the following methods: l Click the Paste from Word button in the toolbar l Use the CTRL+V shortcut on your keyboard.
Undo	Click to undo the last action. Alternatively, use the CTRL+Z keyboard shortcut to perform the undo operation.
Redo	Click to redo the last action. Alternatively, use the CTRL+Y keyboard shortcut to perform the redo operation.
Find	Click to find text in the report layout editor. This dialog box includes the following elements: l Find what: Is the text field where you enter the word or phrase you want to find. l  Match case: Checking this option limits the search operation to words whose case matches the spelling (uppercase and lowercase letters) given in the search field. This means the search becomes case-sensitive. l  Match whole word: Checking this option limits the search operation to whole words. l  Match cyclic: Checking this option means that after the editor reaches the end of the document, the search continues from the beginning of the text. This option is checked by default.
Replace	Click to replace text in the report layout editor. This dialog box includes consists of the following elements: l  Find what: Is the text field where you enter the word or phrase you want to find. l  Replace with: Is the text field where you enter the word or phrase that will replace the search term in the document. l  Match case: Checking this option limits the search operation to words whose case matches the spelling (uppercase and lowercase letters) given in the search field. This means the search becomes case-sensitive. l  Match whole word: Checking this option limits the search operation to whole words. l  Match cyclic: Checking this option means that after the editor reaches the end of the document, the search continues from the beginning of the text. This option is checked by default.
Save as Template	Click to save the layout as a template.
Paragraph Format	Select the paragraph format from the dropdown list. Select one of the following: Normal, Heading 1, Heading 2, Heading 3, Heading 4, Heading 5, Heading 6, Formatted, Address, or Normal (DIV).
Font Name	Select the font from the dropdown list.
Font Size	Select the font size from the dropdown list. Select a size ranging from 8 to 72.

 

Field	Description
Bold	Select the text fragment and then click the Bold button in the toolbar. Alternatively, use the CTRL+B keyboard shortcut to apply bold formatting to a text fragment.
Italic	Select the text fragment and then click the Italic button in the toolbar. Alternatively, use the CTRL+I keyboard shortcut to apply italics formatting to a text fragment.
Underline	Select the text fragment and then click the Underline button in the toolbar. Alternatively, use the CTRL+U keyboard shortcut to apply underline formatting to a text fragment.
Strike Through	Select the text fragment and then click the Strike Through button in the toolbar.
Subscript	Select the text fragment and then click the Subscript button in the toolbar.
Superscript	Select the text fragment and then click the Superscript button in the toolbar.
Text Color	You can change the color of text in the report by using a color palette. To choose a color, select a text fragment, click the Text Color button in the toolbar, and select a color.
Background Color	You can also change the color of the text background.
Insert/Remove Numbered List	Click to insert or remove a numbered list.
Insert/Remove Bulleted List	Click to insert or remove a bulleted list.
Decrease Indent	To decrease the indentation of the element, click the Decrease Indent toolbar button. The indentation of a block-level element containing the cursor will decrease by one tabulator length.
Increase Indent	To increase the indentation of the element, click the Increase Indent toolbar button. The block-level element containing the cursor will be indented with one tabulator length.
Block Quote	Block quote is used for longer quotations that are distinguished from the main text by left and right indentation. It is recommended to use this type of formatting when the quoted text consists of several lines or at least 100 words.
Align Left	When you align your text left, the paragraph is aligned with the left margin and the text is ragged on the right side. This is usually the default text alignment setting for the languages with left to right direction.
Center	When you center your text, the paragraph is aligned symmetrically along the vertical axis and the text is ragged on the both sides. This setting is often used in titles or table cells.
Align Right	When you align your text right, the paragraph is aligned with the right margin and the text is ragged on the left side. This is usually the default text alignment setting for the languages with right to left direction.
Justify	When you justify your text, the paragraph is aligned to both the left and right margins and the text is not ragged on either side..
Field	Description
Remove Format	Click to remove formatting.

Filtering report output

You can apply log message filters to reports and charts.

To filter output in a report:

Click the Settings tab and scroll to the Filters section.

To filter output in a chart:

1. Click the Layout
2. Filter a new or existing chart:
   • Click Insert Chart and scroll to the Filters
   • Right-click a chart in the layout and select Chart Properties. Scroll to the Filters

In the Filters section, the following options are available.

Field		Description
Log messages that match		Available in the Settings tab only. Select All to filter log messages based on all of the added conditions, or select Any of the Following Conditions to filter log messages based on any one of the conditions.
Add Filter		Click to add filters. For each filter, select the field, and operator from the dropdown lists, then enter or select the values as applicable. Filters vary based on device type. When adding a filter, keep the following considerations in mind: l The Settings and Layout tabs use the same Log Field list to filter output; however, some log fields are not used in charts. The Log Field you use to filter a report may not apply to the log fields in a chart. l The Value field is case sensitive.
LDAP Query		Available in the Settings tab only. Click to add an LDAP query, then select the LDAP Server and the Case Change value from the dropdown lists. Use this option to query an LDAP server for group membership. The results of this query is used to filter the report to only match logs for users belonging to that group. You must specify the group name in the filter definition.
Field	Description
	If you enable LDAP Query, the group name is not used to match the group field in logs. The group name is only used for the LDAP query to determine group membership. The query will not retrieve the userPrincicpalName if the Distinguished Name in the System Settings does not contain an organization unit (ou). To retrieve the UPN, add the Distinguished Name as it appears in the System Settings to your query.

Reports

You can generate data reports from logs by using the Reports feature. You can do the following:

l Use predefined reports. Predefined report templates, charts, and macros are available to help you create new reports. l Create custom reports.

Report files are stored in the reserved space for the FortiAnalyzer device. See Automatic deletion on page 56.

For more information on FortiAnalyzer report technology and troubleshooting report performance issues, see the FortiAnalyzerReport Performance Troubleshooting Guide.

How ADOMs affect reports

When ADOMs are enabled, each ADOM has its own reports, libraries, and advanced settings. Make sure you are in the correct ADOM before selecting a report. See Switching between ADOMs on page 15.

Some reports are available only when ADOMs are enabled. For example, ADOMs must be enabled to access FortiCarrier, FortiCache, FortiClient, FortiDDoS, FortiMail, FortiSandbox, and FortiWeb reports. In a Security Fabric ADOM, all reports are displayed.

You can configure and generate reports for these devices within their respective default ADOM or a Security Fabric ADOM. These devices also have device-specific charts and datasets.

Predefined reports, templates, charts, and macros

FortiAnalyzer includes a number of predefined elements you can use to create and/or build reports.

Predefined…	GUI Location	Purpose
Reports	Reports > Report Definitions > All Reports	You can generate reports directly or with minimum setting configurations. Predefined reports are actually report templates with basic default setting configurations.
Templates	Reports > Report Definitions > Templates	You can use directly or build upon. Report templates include charts and/or macros and specify the layout of the report. A template populates the Layout tab of a report that is to be created. See List of report templates on page 128.
Predefined…	GUI Location		Purpose
Charts	Reports > Report Definitions > Chart Library		You can use directly or build upon a report template you are creating, or in the Layout tab of a report that you are creating. Charts specify what data to extract from logs.
Macros	Reports > Report Definitions > Macro Library		You can use directly or build upon a report template that you are creating, or in the Layout tab of a report that you are creating. Macros specify what data to extract from logs.

Logs used for reports

Reports uses Analytics logs to generate reports. Archive logs are not used to generate reports. For more information, see Data policy and automatic deletion on page 22.

For reports about users, the FortiGate needs to populate the user field in the logs sent to FortiAnalyzer.

How charts and macros extract data from logs

Reports include charts and/or macros. Each chart and macro is associated with a dataset. When you generate a report, the dataset associated with each chart and macro extracts data from the logs and populates the charts and macros. Each chart requires a specific log type.

FortiAnalyzer includes a number of predefined charts and macros. You can also create custom charts and macros.

How auto-cache works

When you generate a report, it can take days to assemble the required dataset and produce the report, depending on the required datasets. Instead of assembling datasets at the time of report generation, you can enable the auto-cache feature for the report.

Auto-cache is a setting that tells the system to automatically generate hcache. The hcache (hard cache) means that the cache stays on disk in the form of database tables instead of memory. Hcache is applied to “matured” database tables. When a database table rolls, it becomes “mature”, meaning the table will not grow anymore. Therefore, it is unnecessary to query this database table each time for the same SQL query, so hcache is used. Hcache runs queries on matured database tables in advance and caches the interim results of each query. When it is time to generate the report, much of the datasets are already assembled, and the system only needs to merge the results from hcaches. This reduces report generation time significantly.

The auto-cache process uses system resources to assemble and cache the datasets and it takes extra space to save the query results. You should only enable auto-cache for reports that require a long time to assemble datasets.

Generating reports

You can generate reports by using one of the predefined reports or by using a custom report that you created. You can find all the predefined reports and custom reports listed in Reports > Report Definitions > All Reports.

To generate a report:

1. Go to Reports > Report Definitions > All Reports.
2. In the content pane, select a report from the list.
3. (Optional) Click Edit in the toolbar and edit settings on the Settings and Layout For a description of the fields in the Settings and Layout tabs, see Reports Settings tab on page 117 and Creating charts on page 130 and Macro library on page 134.
4. In the toolbar, click Run Report.

Viewing completed reports

After you generate reports, you can view completed reports in Reports > Generated Reports or Reports > Report Definitions > All Reports. You can view reports in the following formats: HTML, PDF, XML, and CSV.

To view completed reports in Generated Reports:

1. Go to Reports > Generated Reports.

This view shows all generated reports for the specified time period.

2. To sort the report list by date, click Orderby Time.To sort the report list by report name, click Orderby Name.
3. Locate the report and click the format in which you want to view the report to open the report in that format. For example, if you want to review the report in HTML format, click the HTML

To view completed reports in All Reports:

1. Go to Reports > Report Definitions > All Reports.
2. On the report list, double-click a report to open it.
3. In the View Report tab, locate the report and click the format in which you want to view the report to open the report in that format.

For example, if you want to review the report in HTML format, click the HTML link.

Enabling auto-cache

You can enable auto-cache to reduce report generation time for reports that require a long time to assemble datasets. For information about auto-cache and hcache, see How auto-cache works on page 112.

You can see the status of building the cache in Reports > Report Definitions > All Reports in the Cache Status column.

To enable auto-cache:

1. Go to Reports > Report Definitions > All Reports.
2. Select the report from the list, and click Edit in the toolbar.
3. In the Settings tab, select the Enable Auto-cache
4. Click Apply.

Grouping reports

If you are running a large number of reports which are very similar, you can significantly improve report generation time by grouping the reports. Grouping reports has these advantages:

l Reduce the number of hcache tables. l Improve auto-hcache completion time. l Improve report completion time.

Step 1: Configure report grouping

For example, to group reports with titles containing string Security_Report by device ID and VDOM, enter the following CLI commands:

config system report group edit 0 set adom root config group-by edit devid next edit vd next

end

set report-like Security_Report

next

end

Notes:

• The report-like field specifies the string in report titles that is used for report grouping. This string is casesensitive. l The group-by value controls how cache tables are grouped.
• To view report grouping information, enter the following CLI command, then check the Report Group column of the table that is displayed.

execute sql-report list-schedule <ADOM>

Step 2: Initiate a rebuild of hcache tables

To initiate a rebuild of hcache tables, enter the following CLI command: diagnose sql hcache rebuild-report <start-time> <end-time>

Where <start-time> and <end-time> are in the format: <yyyy-mm-dd hh:mm:ss>.

Retrieving report diagnostic logs

Once you start to run a report, FortiAnalyzer creates a log about the report generation status and system performance. Use this diagnostic log to troubleshoot report performance issues. For example, if your report is very slow to generate, you can use this log to check system performance and see which charts take the longest time to generate.

For information on how to interpret the report diagnostic log and troubleshoot report performance issues, see the FortiAnalyzerReport Performance Troubleshooting Guide.

To retrieve report generation logs:

1. In Reports > Generated Report, right-click the report and select Retrieve Diagnostic to download the log to your computer.
2. Use a text editor to open the log.

Auto-Generated Reports

The CyberThreat Assessment report is automatically generated. By default, the report will run at 3:00AM every Monday. For more information on report scheduling, see Scheduling reports on page 115.

Schedules can be viewed in the Report Calendar. See Report calendar on page 141.

Scheduling reports

You can configure a report to generate on a regular schedule. Schedules can be viewed in the Report Calendar. See Report calendar on page 141.

To schedule a report:

1. Go to Reports > Report Definitions > All Reports.
2. Select a report and click Edit in the toolbar.
3. Click Settings in the toolbar.
4. Select the Enable Schedule checkbox and configure the schedule.
5. Click Apply.

Enabling and disabling SOC

The FortiAnalyzer SOC module can be disabled for performance tuning through the CLI. When disabled, the GUI will hide the SOC modules as well as the FortiView and Monitors panes, and stop background processing for this feature.

To disable SOC in the CLI:

config system global set disable-module fortiview-noc

end

To enable SOC in the CLI:

config system global unset disable-module end

Disabling the SOC module will cause the FortiAnalyzer to return the following error message when the FortiGate attempts to retrieve FortiAnalyzer data: Server Error: FortiView\/NOC function is disabled on FortiAnalyzer.

The FortiGate GUI displays the message: Failed to retrieve FortiView data.