Manuals / Fortinet / Computer Equipment / Network Card

Fortinet 1.2.0 manual Analysis, Log Viewer Customizing the log view, e-Discovery

Models: 1.2.0

1 76

Download 76 pages 6.25 Kb

Page 57

Analysis

Analysis

Analysis

In the Analysis menu, you can view, search and browse through log files of each registered device. You can also view and generate reports. The Analysis menu also includes the e-Discovery tab, which allows you to search for email messages.

The FortiGuard Analysis server can store all log files, such as content logs and traffic logs. This server is a device that stores log files, similar to a FortiAnalyzer unit or Syslog server.

Reports are automatically provided for each device and can be generated from the Report tab. Generated reports are provided as PDF files. Reports display the gathered log data in bar and pie graphs within the PDF file.

Reports help you to:

•view network usage and patterns to make informed decisions

•discover and address vulnerabilities across dispersed device installations

•minimize the effort required to identify attack patterns when customizing policies to prevent attacks

•monitor Internet surfing patterns for compliance with your company policy

•identify your web site visitors for potential customers.

The e-Discovery tab allows you to configure a detailed search for specific email messages. The e-Discovery tab also provides access for third-party users, who have the e-Discovery role profile, to view specific email messages and to search for specific email messages

This section includes the following topics:

•Log Viewer

•Customizing the log view

•Deleting log files from the FortiGate web-based manager

•Reports

•e-Discovery

Note: DST is now extended by four weeks in the United States and Canada and may affect your location. It is recommended to verify if your location observes this change, since it affects the scope of the report. Fortinet has released supporting firmware. For more information, see the Fortinet Knowledge Center article, New Daylight Saving Time support.

In previous firmware releases of the service, the feature IP alias was available. In

FortiGuard Analysis and Management Service 1.2.0, the IP alias is no longer available.

FortiGuard Analysis and Management Service Version 1.2.0 Administration Guide
13-12000-406-20081031	59

Image 57

Fortinet 1.2.0 manual Analysis, Log Viewer Customizing the log view, e-Discovery

Contents

A D M I N I S T R A T I O N G U I D E FortiGuard Analysis and Management Service VersionTrademarks FortiGuard Analysis and Management Service Administration GuideSetup ContentsIntroduction DashboardAnalysis ManagementCustomizing the log view Deleting log files from the FortiGate web-based managerContents Index13-12000-406-20081031 13-12000-406-20081031 ContentsIntroduction Customer service and technical supportAbout this document Document conventionsTypographic conventions Fortinet documentationFortinet Tools and Documentation CD Fortinet Knowledge CenterCustomer service and technical support Customer service and technical supportCustomer service and technical support 13-12000-406-20081002Introduction Configuring a device to use the service Expanding or renewing service SetupAbout the portal web site About the portal web site Obtaining a trial contractFigure 1 The portal web site SetupExpand Arrow SetupSection Obtaining a trial contractHelp Log out1 Go to https//fams.fortinet.com To obtain a trial contractSetup 2 Select the Sign Up Now linkTo configure the Service Account ID and validate connectivity Configuring a device to use the serviceConfiguring remote logging and central management Verifying the connectivity between the service and the deviceTo configure remote management by the service To configure remote logging to the serviceSetup Expanding or renewing serviceAllow automatic backup of configuration on logout/timeout Allow configuration updates initiated by the management serverTo add a renewal contract Renewing contractsAdding purchased contracts To add a purchased contract to a Service Account IDFigure 10 Adding a purchased contract Figure 9 Locating the Service Account IDRequired port numbers Required port numbersSetup Required port numbers13-12000-406-20081031 Dashboard Configuring widgets Customizing the Dashboard pageThe Dashboard main menu The Dashboard main menu Widgets Adding and customizing pagesWidgets Configuring the Resource Monitor Configuring widgetsAdding and customizing pages To add and customize a pageConfiguring the Network Monitor “Configuring an alert profile” on page Configuring the Trap ConsoleDashboard 13-12000-406-20081031Configuring the Report widgets IPS Report - provides information about IPS anomalies and signatures Color Bar chart only OK Configuring widgetsSelect the calendar to configure the end date and To dateTo customize the Dashboard page Customizing the Dashboard pageCustomizing the Dashboard page 13-12000-406-20081031Dashboard Authorizing the service on devices Device Scripts Topology Tool SettingsDe-authorizing the service on devices Sending manual or automatic configuration revisionsTo view device information, go to Management Device To add a device 1 Go to Management Device Adding and editing devicesManagement Basic Information sectionDe-authorizing the service on devices Authorizing the service on devicesTo authorize service on a device 1 Go to Management Device To de-authorize a device from using the serviceSending manual or automatic configuration revisions Viewing configuration revisionsFigure 21 List of configuration revisions for each device To search a revision 1 Go to Management Device Revision History Searching configuration revisionsComparing configuration revisions To compare configuration revisions from within the portal web site1 Go to Management Device Revision History To restore a configuration revision or script Restoring configuration revisionsRunning scripts Viewing available firmware imagesTo run a script Go to Management Device Device Detail To schedule a firmware change 1 Go to Management Device Changing firmware from the portal web siteScripts Changing firmware from the deviceTo immediately change firmware To create a script by entering CLI commands To create a script from a configuration fileCreating scripts 1 Go to Management ScriptTo view available configuration scripts, go to Management Script Viewing available configuration scripts7 Select Submit The script is added to the list of available scripts ManagementFigure 24 Network diagram in View mode Topology ToolView Mode menus Figure 25 Network diagram in Edit modeFile Contains the following menus Open Close View Contains the following menus Zoom In Zoom Out Hide GridTo create a network diagram 1 Go to Management Topology Tool Creating a network diagramViewing a network diagram SettingsViewing service account information To view a network diagram 1 Go to Management Topology ToolSettings Edit13-12000-406-20081031 Adding, editing and removing administrators To add or edit account users 1 Go to Management Settings Editing your login profileTo remove a user account 1 Go to Management Settings To edit your profile 1 Go to Management SettingsConfiguring an alert profile Changing your service account IDTo change the Service Account ID 1 Go to Management Settings To configure an alert profile 1 Go to Management SettingsSettings Name When nn occurrences within nnminhr Send to Message13-12000-406-20081031 Log Viewer Customizing the log view AnalysisDeleting log files from the FortiGate web-based manager Reports e-DiscoveryViewing logs Log ViewerAnalysis By default, log messages are displayed in Formatted mode. Selectlogging and central management” on page current log messagesCustomizing the log column views Customizing the log viewFiltering logs To show or hide columnsTo change the order of the columns To clear log filters 1 Go to Analysis Log Viewer To filter logs 1 Go to Analysis Log ViewerLog File Browser To view and download log files, go to Analysis Log File BrowserAnalysis Reports Deleting log files from the FortiGate web-based managerTo download a log file 1 Go to Analysis Log File Browser To delete any log files older than n monthsFigure 32 Reports Viewing generated reportsDeleting reports To view a generated report 1 Go to Analysis ReportTo delete a report 1 Go to Analysis Report e-Discovery Viewing e-Discovery tasksViewing e-Discovery tasks Creating tasks for e-Discovery mm-dd hhmmss e-Discoverydd hhmmss 13-12000-406-20081031Analysis view the task. For example, if the13-12000-406-20081031 Creating tasks for e-Discovery To copy a task and apply it to a new task To create tasks for e-Discovery 1 Go to Analysis e-Discovery1 Go to Analysis e-Discovery To delete a task 1 Go to Analysis e-Discoverye-Discovery 13-12000-406-20081031Analysis Index Index13-12000-406-20081031 Index