Fortinet 592 FortiWeb 5.0 Patch 6 Administration Guide
Choosing the type & format of a report profile
When configuring a report profile, you can select one or more queries or query groups that
define the subject matter of the report.
When configuring a report profile, you can configure various advanced options that affect how
many log messages are used to formulate ranked report subtypes, and how results will be
displayed.
Setting name: Description

Priority: Mark the check box to filter by log severity threshold (in raw logs, the pri field), then select the name of the severity, such as Emergency, and whether to include logs that are greater than or equal to (>=), equal to (=), or less than or equal to (<=) that severity.

Source(s): Type the source IP address (in raw logs, the src field) that log messages must match.
    Note: Source(s) may be the IP address according to an HTTP header such as X-Forwarded-For: instead of the SRC at the IP layer. See “Defining your proxies, clients, & X-headers” on page 266.

Destination(s): Type the destination IP address (in raw logs, the dst field) that log messages must match.

Http Method(s): Type the HTTP method (in raw logs, the http_method field) that log messages must match, such as get or post.

User(s): Type the administrator account name (in raw logs, the user field) that log messages must match, such as admin.

Action(s): Type the action (in raw logs, the action field) that log messages must match, such as login or Alert.

Subtype(s): Type the subtype (in raw logs, the subtype field) that log messages must match, such as waf_information.

Policy(s): Type the policy name (in raw logs, the policy field) that log messages must match.

Service(s): Type the service name (in raw logs, the src field) that log messages must match, such as http or https.

Message(s): Type the message (in raw logs, the msg field) that log messages must match.

Day of Week: Mark the check boxes for the days of the week whose log messages you want to include.
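
The filter settings above, applied to raw log lines, as an added example that is not taken from the FortiWeb guide or product. It assumes raw logs are space-separated key=value pairs, that severities rank in syslog order with Emergency as the highest, and that values match case-insensitively; the sample log lines are constructed.

```python
import shlex

# Assumption: severity names in syslog order, most severe first.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]

# Constructed sample lines (not real FortiWeb output); key=value form is assumed.
SAMPLE_LOGS = [
    'pri=alert src=192.0.2.10 http_method=post action=Alert msg="constructed sample one"',
    'pri=warning src=192.0.2.10 http_method=get action=Alert msg="constructed sample two"',
    'pri=information src=203.0.113.7 user=admin action=login msg="constructed sample three"',
    'pri=error src=203.0.113.7 http_method=post action=Alert msg="constructed sample four"',
]

def parse_raw_log(line):
    """Split a key=value log line into a dict; quoted values may hold spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def priority_matches(pri, op, threshold):
    """Apply the Priority filter; 'greater than' is taken as 'more severe'."""
    try:
        level = SEVERITIES.index(pri.lower())
    except ValueError:
        return False  # missing or unknown pri never matches
    limit = SEVERITIES.index(threshold.lower())
    if op == ">=":
        return level <= limit  # lower index means more severe
    if op == "=":
        return level == limit
    if op == "<=":
        return level >= limit
    raise ValueError(f"unsupported operator: {op}")

def select(lines, priority=None, **criteria):
    """Return parsed logs that satisfy every configured filter.
    priority is (operator, severity name); criteria map raw field names
    (src, dst, http_method, user, action, subtype, policy, msg) to values."""
    matched = []
    for fields in map(parse_raw_log, lines):
        if priority and not priority_matches(fields.get("pri", ""), *priority):
            continue
        if all(fields.get(k, "").lower() == v.lower() for k, v in criteria.items()):
            matched.append(fields)
    return matched
```

Checking a filter against a handful of known log lines this way shows which direction the >= and <= comparisons cut before a report is relied on to surface high-severity events.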