Report Grouping – FortiAnalyzer 5.4

Report grouping

If you are running a large number of reports which are very similar, you can significantly improve report generation time by grouping the reports. Report grouping can reduce the number of hcache tables and improve auto-hcache completion time and report completion time.

Step 1: Configure report grouping

To group reports whose titles contain the string Security_Report and are grouped by device ID and VDOM, enter the following CLI commands:

config system report group
edit 0
set adom root
config group-by
edit devid next edit
vd next

end

set report-like Security_Report

next

end Notes:

  1. The report-like field is the name pattern of the report that will utilize the report-group This string is case-sensitive.
  2. The group-by value controls how cache tables are grouped.
  3. To see a listing of reports and which ones have been included in the grouping, enter the following CLI command:

execute sql-report list-schedule <ADOM>

Step 2: Initiate a rebuild of hcache tables

To initiate a rebuild of hcache tables, enter the following CLI command:

diagnose sql rebuild-report-hcache <start-time> <end-time>

Where <start-time> and <end-time> are in the format: <yyyy-mm-dd hh:mm:ss>.

Step 3: Perform an hcache-check for a given report

Perform an hcache-check for a given report to ensure that the hcache tables exactly match the start and end time frame for the report time period. Enter the following CLI command:

execute sql-report hcache-check <adom> <report_id> <start-time> <end-time>

If you do not run this command, the first report in the report group will take a little longer to run. All subsequent reports in that group will run optimally.

This entry was posted in FortiAnalyzer, FortiOS, FortiOS 5.4 Best Practices on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.