Manuals / Fortinet / Computer Equipment / Network Card

Fortinet FortiLog-400 Configuring a report query, To set the report queries Go to Reports Config

Models: FortiLog-100 FortiLog-400 FortiLog-800

1 124

Download 124 pages 26.49 Kb

Page 59

Reports	Creating and generating a report

Per Virtual Domain

For all devices Per device

Resolve Host Names

Select to generate the report based on the virtual domains configured on the FortiGate devices.

Select to generate the report for all devices.

Select to generate a separate report for each device.

Select to display host names by name rather than IP addresses. For details on configuring IP address host names see “Defining IP aliases” on page 55.

Resolve Service

Names

In 'Ranked Reports' show top

5Select Apply.

Select to display network service names rather than port numbers. For example, HTTP rather than port 80.

For some report types, you can set the top ranked items for the report. When setting top ranked items, the report will only include the most active content. For example, report the most active mail clients within the organization rather than all mail clients.

Configuring a report query

Select the specific information you need to generate a more concise report. Each report category includes a refined list of sub-categories that reports specific information. For example, you can generate an extensive intrusion activity report, or only generate intrusion activity by attacks by top types, or by hour of the day.

The default is to run a report for all information in the log files. Select the specific information you want to include in the report. Reports are listed by categories and sub-categories.You can save the report query selections to use in other reports.

Figure 29: Report query options

To set the report queries

1Go to Reports > Config.

2Select a report from the list.

3Select Queries.

FortiLog Administration Guide

05-16000-0082-20050115

59

Image 59

Fortinet FortiLog-400, FortiLog-100 manual Configuring a report query, To set the report queries Go to Reports Config

Contents

January 15, 2004 FortiLog-100 FortiLog-400 FortiLog-800Regulatory Compliance Version 1.6 January 15 05-16000-0082-20050115Trademarks Table of Contents Managing the FortiLog unit Config NetworkReports 110 Setting folder and file properties103 104FortiLog-400 FortiLog-100 FortiLog-800 IntroductionOperational Modes Active ModeIntroduction Passive ModeFortiLog documentation Explains how to install and set up the FortiLog unitAbout this guide FortiGate documentation Explains how to configure VPNs using the web-based managerRelated documentation Fortinet Knowledge Center FortiManager documentationFortiClient documentation FortiMail documentationCustomer service and technical support Customer service and technical support Checking the package contents Setting up the FortiLog unitFortiLog-100 2.5 kg FortiLog-400 11 kg FortiLog-80014 kg Hardware specifications DimensionsWeight Air flow Planning the installationPower requirements Environmental specificationsTo connect the FortiLog unit to the network Connecting the FortiLog unitConnecting the FortiLog unit FortiLog unit Management PCTo connect to the web-based manager Configuring the FortiLog unitUsing the web-based manager Factory defaults AdministratorSet system interface port1 mode static ip IPaddress netmask Using the command line interfaceTo configure the FortiLog unit using the web-based manager To configure the FortiLog unit using the CLISet system dns primary IPaddress Using the front panel buttons and LCDSet the primary DNS server IP address Configuring the FortiLog unit Sending device logs to the FortiLog unit Connecting to the FortiLog UnitConfiguring FortiGate unit running FortiOS Go to Log&Report Log ConfigFortiGate 2.8 log settings Configuring FortiGate devices running FortiOSFortiGate 2.5 Log settings Configuring FortiMail devicesUnregistered Adding a deviceTo add a device Groups from this tabDefining device port interfaces To create a device group Go to System Devices Groups Creating Device GroupsStatus Managing the FortiLog unitStatus Alerts Operating ModeInterval RefreshSet system opmode activepassive To change the operating mode in the CLIChanging the FortiLog host name Changing operating modesChanging the firmware To change the firmware using the web-based managerViewing system resources information Execute restore image FortiLog400-v120.out Installing firmware from a system rebootTo change the firmware using the CLI Execute restore image namestr tftpipEnter Local Address To install firmware from a system rebootPress any key to enter configuration menu Immediately press any key to interrupt the system startupEnter File Name image.out Testing a new firmware imageTo test a new firmware image before installing it Following message appearsYou can test the new firmware image as required Installing a backup firmware imageSave as Default firmware/Run image without savingD/R Get system statusType B To install a backup firmware imageTo switch to the backup firmware image Switching to a backup firmware imageSwitching to the default firmware image To backup up system settings Go to System Status Status Backing up system settingsTo switch back to the default firmware image Execute rebootRestoring a FortiLog unit Restoring system settingsRestore factory default system settings To restore system settings Go to System Status StatusPress any key to begin download To upload the firmware image to the FortiLog unitNetwork ConfigConfig RAID Port Log settingsConfig Policy Log to HostLevels Description Generated by Config PolicyLog policy CSV formatLanguage AdminTime OptionsConfigure Administrator access Administrator options Administrator account levelsTo add an administrator account Go to System Config Admin Devices Active modeChanging the Administrator password Editing device information Device listAdding and registering a device To edit a device Go to System Devices Alert EmailServer Creating a new device alert Device Active modeLocal Attack Type Entry and listing Level of wait interval Attack TypeVirus Type AlertsTo add a device alert Go to System Alert Email Device Window Network SharingDefining IP aliases IP aliases To set host alias names Go to Reports IP AliasesSelect New and enter a name for the report To create a report Go to Reports ConfigReports Creating and generating a reportSelect Run now Configuring report parametersTo define report parameters Go to Reports Config Set the followingSelect a report from the list Select Queries Configuring a report queryTo set the report queries Go to Reports Config Resolve Service Names Ranked Reports show topTo create a query profile To select the devices Go to Reports ConfigCreating a query profile Selecting the devices for the reportTo create a device profile To set the filtering on a log report Go to Reports ConfigCreating a device profile Select filtering optionsTo create a report filter profile Setting a report scheduleTo create a scheduled report Go to Reports Config Creating a filter profileTo create a report schedule profile Creating a report schedule profileChoosing the report destination and format Select Schedule Select a day from the followingTo create a pre-defined output selection To generate a report on demand Go to Reports ConfigCreating a report destination and format profile Reports on demandTo view a generated report Go to File Browse Reports Viewing reportsIndividual reports Roll up reportCreating and generating a report To create a report Go to Reports Config VulnerabilityVulnerability reports Selecting plug-ins Per device Resolve Host Names Resolve Service NamesSelecting report result parameters To create a plug-in profile To select the plug-ins Go to Reports Config VulnerabilitiesCreating a plug-in profile Selecting the scan targets for the reportTo create a scan target profile Creating a scan target profileTo add additional devices As an email attachment FileBrowse/Reports hard disk Email listSelect the report name from the list of completed reports Viewing the vulnerability reportUsing Logs Viewing logs Log view interfaceAscending and descending order Finding log informationTo view the device log files Go to File Browse Logs Select the column header to change the sort order betweenBasic log filter Match Up and Down arrows Importing log filesAlert level To import a log file Go to File Browse LogsShow Up and Down arrows Log watch Active modeLog Search To set log watching Go to File Browse LogsSort list Event correlation Active modeEvent correlation Active mode Connecting to the FortiLog file system Using the FortiLog unit as a NASAdding and modifying user accounts Providing access to the FortiLog hard diskSelect Enable for a file sharing protocol Selecting a file sharing protocolSelect Create New Assigning access to foldersAdding and modifying group accounts To add a user group Go to Network Sharing GroupsWindows sharing configuration NFS share configuration Modifying the user or group folder accessOwner Setting folder and file propertiesTo set file and folder permissions Go to File Browse Files CLI documentation conventions FortiLog CLI referenceTo connect to the FortiLog-800 console Connecting to the CLIConnecting to the FortiLog-800 console FortiLog-800 loginWelcome Setting administrative access for SSH or TelnetTo use the CLI to configure SSH or Telnet access To connect to the CLI using Telnet Connecting to the FortiLog CLI using SSHConnecting to the FortiLog CLI using Telnet To connect to the CLI using SSHExecute branch CLI commandsFortiLog CLI commands include Get branch Use get to display settings, logs, or system informationGet command architecture Get report aliases Get log logsettingGet system admin Get report resolveSet branch Use set to configure settings, logs, or system informationUse set alertemail to configure alert mails Set alertemail command architectureSet alertmail local time 0.5 1.0 3.0 6.0 String is the passwordNamestr is the user name BelowSettings originate from a singe source IP CLI commandsSet alertmail device enable add leveltime Set console Use set console to set console configurationSet log Use set log to configure log settingsSet log command architecture YY-MM-DD 100 101 102 103 Set NAS104 Set report command architectureSet report Set system105 106 107 Netmaskstr is the netmask 1080.0 Trusthoststr is trusted host IP address109 Unset branch 111 112 113 Appendix a Log Report TypesNetwork Activity Web ActivityFTP Activity Mail activity reports record Email traffic and connections Terminal ActivityMail Activity 115Web Filter Activity Intrusion ActivityAntivirus Activity 117 Mail Filter ActivityVPN Activity Content Activity119 120 121 IndexIndex 122123 124