Manuals / Fortinet / Computer Equipment / Network Card

Fortinet 3.0 MR7 manual Configuring report layout

Models: 3.0 MR7

1 234

Download 234 pages 61.67 Kb

Page 118

Configuring reports

Reports

Note: Reports cannot be created for devices that are of an unknown type, such as generic Syslog devices, nor for devices that are not registered with the FortiAnalyzer unit’s device list. For more information about on registering devices, see “Manually adding a device” on page 80.

Configuring report layout

The Layout tab enables you to configure and define multiple report layouts, which can then be applied to report schedules or generated immediately.

Figure 1: report layouts in Reports > Config > Layout

	Delete

	Edit

	Clone

	Run Now

Create New	Select to create a new report layout and configure its settings.
Delete	Select to remove report layouts whose check boxes are selected.
	• To delete one or more reports, select the check box next to their
	report name, then select Delete.
	• To delete all reports, select the column heading check box. All
	reports’ check boxes become select, and then select Delete.
	You cannot delete report layouts that are currently being used in
	report schedules.
Report Name	The name of the report layout given when configuring a report
	layout.
Report Description	The description or comments entered in the Description field of the
	report layout.
Company	The name of the company, if given, when configuring the report
	layout.
Chart Number	The number of charts that are included in that report layout.
Action column	Select Edit to view or modify the report layout.
	Select Clone to create a duplicate of a report layout to use as a
	basis for creating a new report layout.
	Select Run Now to run a report layout immediately (on demand),
	instead of waiting for the report layout’s scheduled time.
	Select Delete to remove the report layout.

FortiAnalyzer Version 3.0 MR7 Administration Guide

114	05-30007-0082-20080908

Image 118

Fortinet 3.0 MR7 manual Configuring report layout

Contents

M I N I S T R a T I O N G U I D E Regulatory compliance TrademarksFCC Class a Part 15 CSA/CUS Contents Log Receive Monitor Intrusion Activity Radius Server Administrator SettingsViewing session information Filtering session information Adding a routeDevice Content Archive 107Log Alert 133 Reports 113Quarantine 131 Network Analyzer 141Tools 157 Managing firmware versions 169Appendix FortiAnalyzer reports in 3.0 MR7 185 Index 213Introduction About this documentDescribes how to install and set up the FortiAnalyzer unit Fortinet documentationFortinet Knowledge Center Customer service and technical supportFortinet Tools and Documentation CD Comments on Fortinet technical documentationCustomer service and technical support What’s new for 3.0 MR7 High-end FortiAnalyzer units support additionalFortiAnalyzerVersion 3.0 MR7 Administration Guide Registered devices’ hard limits MR7 new features and changesPower supply monitoring for FortiAnlayzer-2000A and 4000A CLI displays the tasks in the upload queueCustom fields for log messages Report configuration enhancementsConfig log settings Set custom-field1-5 ReportsAll other reports, for example VoIP reportsReportHeadquarters-2008-05-26-1030 Alert email configuration changes Administrative Domains ADOMs About administrative domains ADOMsAbout administrative domains ADOMs FortiAnalyzer Model Number of Administrative Domains Go to System Admin Settings Configuring ADOMsTo enable ADOMs Enable Admin Domain Configuration Select OK Message appearsTo add or edit an Adom To disable ADOMsGo to Global Configuration System Admin Settings Select OK FortiAnalyzer unit logs you outTo access an Adom Accessing ADOMs as the admin administratorAssigning administrators to an Adom To assign an administrator to an AdomDashboard SystemSystem Information To rearrange a Dashboard widget Go to System Dashboard To refresh a Dashboard widget Go to System DashboardTo omit a Dashboard widget Go to System Dashboard TabsTo include a Dashboard widget Go to System Dashboard To add a tab Go to System DashboardEnter a new name and press Enter Double-click on the name of the tab and select the X symbolRAID Monitor To delete a tab Go to System DashboardSystem Information Rebuilding iconSetting the time 05-30007-0082-20080908License Information Changing the host nameChanging the firmware To change the host name Go to System DashboardRVS Plug-ins Device License System ResourcesViewing operational history Memory UsageTo format the log disks Go to System Dashboard System OperationFormatting the log disks Systems Operations area, select Format Log Disks Select OKViewing alert console messages Resetting to the default configurationAlert Message Console To view alert console messages Go to System DashboardSelect the delete icon StatisticsViewing session information ConnectionsTo view the session information Go to System Dashboard Filtering session informationReport Engine Statistics area, next to Connections, select DetailsTop N Log Receive MonitorType PeriodVirus Activity Intrusion ActivityDisplay by Top FTP Traffic Virus Activity widgetTop Email Traffic Top Email Traffic, select EditTop IM/P2P Traffic Top IM/P2P Traffic, select Edit in the title bar areaTo edit information for Top Traffic Go to System Dashboard Top TrafficTop Traffic, select Edit in the title bar area Top Web Traffic Top Web Traffic, select EditNetwork InterfaceStatus Changing interface settingsAdministrative ModifyRouting To configure DNS settings Go to System Network DNSAbout Fortinet Discovery Protocol Enter an IP address for a primary and secondary DNS serverAdding a route AdminSelect Create New Configure the following options To add a static route Go to System Network RoutingAdding or editing an administrator account Access Profile Changing an administrator’s passwordAccess Profile Admin DomainNone To add a group Go to System Admin Auth GroupAuth Group Read OnlySelect Create New Configure the following and select OK Administrator SettingsTo add a Radius server Go to System Admin Radius Server Radius ServerAdding share users Network SharingMonitor To add a user account Go to System Network Sharing UserAdding share groups Configuring Windows sharesTo add a user group Go to System Network Sharing Group Assigning user permissions PermissionsConfiguring NFS shares Remote ClientsDefault file permissions on NFS shares ConfigAutomatic file deletion and local log settings FortiAnalyzer unit log settings Log Locally Log Level Allocated Disk Space MBConfiguring log aggregation FortiAnalyzer-2000/2000A FortiAnalyzer-400FortiAnalyzer-800/800B FortiAnalyzer-4000/4000AConfiguring log forwarding Configuring an aggregation clientConfiguring an aggregation server To forward log events Go to System Config Log ForwardingTo edit an IP alias Go to System Config IP Alias Configuring IP aliasesTo add an IP alias Go to System Config IP Alias To import the alias file Go to System Config IP AliasIP alias ranges Configuring RAIDRAID levels Linear RAIDHot swapping hard disks RAID 5 with hot spareFortiAnalyzer-400 disk drive configuration FortiAnalyzer-800/800B disk drive configurationFortiAnalyzer-2000/2000A disk drive configuration To swap a hard disk Go to System Config RAIDFortiAnalyzer-4000 disk drive configuration FortiAnalyzer-800/800B Configuring RAID on the FortiAnalyzer-400As well as from System Config RAID Level 1Configuring Ldap connections Size GBTo define an Ldap server query Go to System Config Ldap Select Create New. Complete the followingBackup & Restore MaintenanceBackup Back up the current configuration FortiGuard Center 10.10.1.108889 Every UpdateScheduled DailyMaintenance Device Viewing the device listUnregistered Device Options Add DeviceShow HardwareSecure Connection Disk Space MB Used/Allocated ActionMaximum number of devices To delete a device Go to Device All DeviceUnregistered vs. registered devices Configuring unregistered device connection attempt handling Or the following options for unknown device types Manually adding a device Mode Device NameDevice ID Member IDsWhen Allocated Disk Space is All Used Devices Privileges Group Membership FortiGate Interface SpecificationClassifying FortiGate network interfaces Configure the FortiGate device For more information, see Manually adding a device onOn the FortiAnalyzer unit, go to Device All To enable the FortiAnalyzer unit to reply to FDP packetsGo to System Network Blocking device connection attempts Hardware ModelTo block a device Go to Device All Device Configuring device groupsTo unblock a device Go to Device All Blocked Device Group Name To configure a device group Go to Device Group Device GroupTo delete a device group Go to Device Group Device Group MembersViewing log messages LogViewing current log messages Viewing historical log messages Settings ColumnTo view historical logs Go to Log Log Viewer Historical Browsing log filesImport Viewing log file contents Importing a log file To import a log file Go to Log BrowseTo download a partial log file Go to Log Browse Downloading a log fileTo download a whole log file Go to Log Browse Convert to CSV format Compress with gzipDisplaying and arranging log columns Select Download Current View Configure the followingCustomizing the log view To display logs in Raw or Formatted viewTo display or hide columns Filtering logsTo change the order of the columns To disable a filter To filter log messages by column contentsFiltering tips Searching the logs 101Searching the logs FromTo search the logs Go to Log Search Search tips103 Printing the search results 192.168.* action=loginDownloading the search results To download log search results Go to Log Search Rolling and uploading logs105 Server IP address ExceedNot exceeded Username107 108 Content Archive Viewing content archivesPrintable Version Delete associated content archive files View per page Page n of n Column SettingsTimeframe Customizing the content archive view 109Filter icons in the content logs 111 Searching full email content archives Last activity 113114 Configuring reports ReportsConfiguring report layout Name Enter a name for the report Description To configure a report layout Go to Report Config Layout115 Header Logo Title Page LogoCategory Editing charts in a report layout 117To edit a chart Maximum Entries Top N Time Scale AdvancedTo edit section Configuring report schedulesTo edit text 119Report layout Name To configure a report schedule Go to Report ScheduleSchedule Name ScheduleTime Period Log Data FilteringData Filter 121Configuring data filter templates Data filter templatesSources Filter logic123 Policy IDs DestinationsInterfaces Day of the WeekConfiguring report output templates 125FTP/SFTP/SCP Server Action Output template127 Configuring language Nomatch=No matching log data for this report# Localization uses a Latin character set Comment is129 Languages FontSave the format file Language file error messages Error message Description131 Browsing reports 133 134 Quarantined files for a specific device QuarantineViewing quarantined files SeeChecksum ServiceDate & Time Status DescriptionAlert Events AlertTriggers Adding an alert event To add a new alert event Go to Alert Alert EventTo Email Address Configuring alerts by email serverOutput AddEnable Testing the mail server configurationConfiguring Snmp traps and alerts Smtp Server137 Adding an Snmp server FortiAnalyzer Snmp supportFortinet MIB Logging Traps Fortinet MIB Administrator AccountsFortinet MIB System Traps Fortinet MIB VPN TrapsRFC-1213 MIB Configuring alerts by Syslog serverAdding a Syslog server RFC-2665 Ethernet-like MIBConfigure the following options, and select OK 141142 Config log settings Set enableanalyzer yes End Network AnalyzerExample network topology for Network Analyzer use Viewing current Network Analyzer log messages Viewing Network Analyzer log messages143 Protocol Protocol used when sending the traffic Message Viewing historical Network Analyzer log messagesViewing Network Analyzer log file contents Browsing Network Analyzer log filesResolve Service View n per page Page n of n Column Settings Printable Version Download Current ViewDownloading a Network Analyzer log file 147Customizing the Network Analyzer log view Displaying and arranging Network Analyzer log columnsFilter icons in Network Analyzer 149150 Quick Search Searching the Network Analyzer logsKeywords Full SearchTo search the logs Go to Tools Network Analyzer Search Other172.20.120.127 tcp 153Rolling and uploading Network Analyzer logs Select the download options that you want, then select OKLog file should be rolled... even if size is not exceeded 155Select the protocol to use when uploading to the server Preparing for the vulnerability scan job Tools157 Preparing Windows target hosts 159 To enable NetBIOS Go to Start Control Panel Preparing Unix target hosts Viewing vulnerability scan modules161 Vulnerability Scan modules View modules with severity Details Configuring vulnerability scan jobs163 Job Name TargetScan Targets Remote Authentication User NameSelect Create New Complete the following Quick ScanEmail Attachment File outputEmail Body Viewing vulnerability scan reports 167End Time File ExplorerFormats File Explorer with Storage directory expanded 169170 Backing up your configuration Managing firmware versionsTo back up your configuration file using the CLI Backing up your configuration using the web-based managerBacking up your configuration using the CLI Execute backup config filename addressip passwd171 Press any key to display configuration menu… Testing firmware before upgradingTo test the firmware image before upgrading Enter firmware image file name image.out Enter Tftp server addressEnter Local Address 173Upgrading to FortiAnalyzer Upgrading using the web-based managerUpgrading your FortiAnalyzer unit OnlyTo upgrade to FortiAnalyzer 3.0 using the CLI Upgrading using the CLITo upgrade to FortiAnalyzer 3.0 using the web-based manager Execute restore image namestr tftpip4Verifying the upgrade Get system statusSelect OK Following message appears Reverting to a previous firmware versionDowngrading to FortiLog 177Execute restore image tftp namestr tftpipv4 Downgrading to FortiLog 1.6 using the CLITo downgrade using the CLI Execute restore image tftp image.out179 To restore a firmware image to the FortiAnalyzer unit Restoring your configurationRestoring configuration settings on a FortiAnalyzer unit Execute rebootEnter File Name image.out When this message appearsPress any key to display configuration menu 181Execute restore config namestr tftpipv4 passwrd Restoring your configuration settings using the CLITo restore configuration settings using the CLI Execute restore config confall 192.168.1.168 ghrffdt123183 184 FortiGate reports Appendix FortiAnalyzer reports in 3.0 MR7185 Intrusion Activity reports MR6 reports MR7 reports Antivirus ActivityAntivirus Activity reports MR6 reports MR7 reports Antivirus Activity reports 187Top Virus Destinations over POP3 WebFilter Activity reports MR6 reports MR7 reports Webfilter Activity189 WebFilter Activity reports Antispam ActivityAntispam Activity reports MR6 reports MR7 reports IM reports MR6 reports MR7 reports IM ActivityAntispam Activity reports 191IM reports VoIP reports MR7 reportsVoIP reports Content Activity193 Network Activity Content Activity reports MR6 reports MR7 reportsNetwork Activity reports MR6 reports MR7 reports Network Activity reports Web Activity195 FTP Activity Mail ActivityReport, Top Mail Servers Connections remains unchanged FTP Activity reports Terminal ActivityVPN Activity Terminal Activity reports MR6 reports MR7 reportsVPN Activity reports MR6 reports MR7 reports Event ActivityEvent Activity reports MR6 reports MR7 reports Event Activity reports P2P ActivityReport, Top Event Categories by Status, was removed P2P Activity reports MR6 reports MR7 reportsAudit Activity P2P Activity reportsSummary Reports 201Detailed Forensic ReportsAudit Report, Top Client Requests to Permitted Sites, was removedMail High Level FortiMail ReportsSummary 203Mail High Level reports Mail Sender reports MR6 reports MR7 reports Mail Sender205 Mail Sender reports Mail Recipient ActivityMail Destination IP Mail Recipient Activity reports MR6 reports MR7 reportsSpam Sender reports MR6 reports MR7 reports Spam SenderMail Destination IP reports MR6 reports MR7 reports 207Spam Sender reports Spam RecipientSpam Recipient reports MR6 reports MR7 reports Spam Recipient reports Spam Destination IPVirus Sender Spam Destination IP reports MR6 reports MR7 reportsVirus Sender reports MR6 reports MR7 reports Virus Recipient reports MR6 reports MR7 reports Virus RecipientVirus Sender reports 211FortiClient Reports Virus Destination IPIndex 213FDN FTP 215Mail server 135 Main Menu 20 managing firmware RFC 217See also protocol test 219 Index FortiAnalyzer Version 3.0 MR7 Administration Guide