Reports – FortiManager 5.2

Custom chart wizard

The custom chart wizard is a step-by-step guide that helps you create custom charts. It is only available for FortiGate and FortiCarrier ADOMs.

To start the custom chart wizard, go to Reports > Chart Library, and select Wizard in the toolbar. Follow the steps in the chart wizard, outlined below, to create a custom chart.

Select the Tutorial icon on any of the wizard windows to view the online chart wizard video.

Step 1 of 3 – Choose data

Configure the data that the custom chart will use.

Choose data

Configure the following settings, then select Next to proceed to the next step:

Log Type: Select either Traffic Log or Event Log.

Group by: Select how the data are grouped. Depending on the chart type selected in step 3, this selection will relate to Column 1 (Table), the Y-axis (Bar and Line graphs), or the Legend (Pie chart). See Step 3 of 3 – Preview.

The available options will vary depending on the selected log type:

• Traffic log: Application Category, Application ID, Application Name, Attack, Destination Country, Destination Interface, Destination IP, Device Type, Source Interface, Source IP, Source SSID, User, Virus, VPN, VPN Type, Web Category, or Website (Hostname).

• Event log: VPN Tunnel, or Remote IP.

Aggregate by: Select how the data is aggregated. Depending on the chart type selected in step 3, this selection will relate to Column 2 (Table), the X-axis (Bar and Line graphs), or the Value (Pie chart). See Step 3 of 3 – Preview.

The following options are available: Duration, Received Bytes, Sent Bytes, Total Bytes, Total Sessions or Total Blocked Sessions (Traffic log only).

Show: Select how much data to show in the chart from the drop-down list. One of the following: Top 5, Top 10, Top 25, Top 50, or Top 100.

Step 2 of 3 – Add filters

You can add one or more filters to the chart. These filters will be permanently saved to the dataset query.

Add filters page

Configure the following settings:

Match: Select All to filter data based on all of the added conditions, or select Any of the Following Conditions to filter the data based on any one of the conditions.

Add: Select to add filters. For each filter, select the field, and operator from the drop-down lists, then enter or select the value as applicable.

Filters vary based on device type.

The available filters vary depending on the log type selected.

Select the delete icon to remove a filter.

Destination Interface: This filter is available for traffic logs only. The available operators are: Equals, Not Equal, Contains, and Not Contain.

Destination IP: This filter is available for traffic logs only. The available operators are: Equals, Not Equal, and Range. If Range is selected, enter the starting and ending IP address in the value fields.

Security Action: This filter is available for traffic logs only. The available operators are: Equals and Not Equal. The value is always Pass Through.

Security Event: Select Equals or Not Equal from the second drop-down list. Select one of the below options from the third drop-down list. This filter is available for traffic logs only.

The value can be one of the following: Analytics, Application Control, AV Error, Banned Word, Command Block, DLP, File Filter, General Mail Log, HTML Script Virus, IPS, MIME Fragmented, MMS Checksum, MMS Dupe, MMS Endpoint, MMS Flood, MAC Quarantine, Oversize, Script Filter, Spam Filter, SSH Block, SSH Log, Switching Protocols, Virus, VOIP, Web Content, Web Filter, or Worm.

Service: This filter is available for both traffic and event logs. The available operators are: Equals, Not Equal, Contains, and Not Contain.

Source Interface: This filter is available for traffic logs only. The available operators are: Equals, Not Equal, Contains, and Not Contain.

Source IP: This filter is available for traffic logs only. The available operators are: Equals, Not Equal, and Range. If Range is selected, enter the starting and ending IP address in the value fields.

User: This filter is available for both traffic and event logs. The available operators are: Equals, Not Equal, Contains, and Not Contain.
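The following added example (an illustration written for this page, not FortiManager code and not the dataset query the wizard generates) models how the Step 1 choices (Group by, Aggregate by, Show) combine with the Step 2 Match setting and operators. The record field names, sample log records, and function names are assumptions constructed for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample traffic-log records; field names are assumptions.
LOGS = [
    {"user": "alice", "srcip": "10.0.1.5", "service": "HTTPS", "sentbyte": 1200, "rcvdbyte": 9000},
    {"user": "bob", "srcip": "10.0.1.77", "service": "DNS", "sentbyte": 80, "rcvdbyte": 160},
    {"user": "alice", "srcip": "10.0.2.9", "service": "SSH", "sentbyte": 500, "rcvdbyte": 700},
    {"user": "carol", "srcip": "10.0.1.200", "service": "HTTP", "sentbyte": 300, "rcvdbyte": 4000},
    {"user": "bob", "srcip": "192.168.5.4", "service": "HTTPS", "sentbyte": 50, "rcvdbyte": 50},
]

def in_range(value, bounds):
    """Range operator: inclusive start/end, compared numerically, not as strings."""
    lo, hi = (ipaddress.ip_address(b) for b in bounds)
    return lo <= ipaddress.ip_address(value) <= hi

OPERATORS = {
    "Equals": lambda v, x: v == x,
    "Not Equal": lambda v, x: v != x,
    "Contains": lambda v, x: x in v,
    "Not Contain": lambda v, x: x not in v,
    "Range": in_range,
}

def matches(record, filters, match="All"):
    """Match=All requires every condition; Match=Any requires at least one."""
    results = [OPERATORS[op](record[field], value) for field, op, value in filters]
    return all(results) if match == "All" else any(results)

def total_bytes(rec):
    """Aggregate by: Total Bytes (sent plus received)."""
    return rec["sentbyte"] + rec["rcvdbyte"]

def chart(logs, group_by, aggregate, filters=(), match="All", top=5):
    """Filter, group, aggregate, then keep the Top N rows (the Show setting)."""
    totals = defaultdict(int)
    for rec in logs:
        if not filters or matches(rec, filters, match):
            totals[rec[group_by]] += aggregate(rec)
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:top]

# Two conditions: Source IP in a range, Service contains "HTTP".
FILTERS = [("srcip", "Range", ("10.0.1.1", "10.0.1.100")),
           ("service", "Contains", "HTTP")]

if __name__ == "__main__":
    print("All:", chart(LOGS, "user", total_bytes, FILTERS, match="All"))
    print("Any:", chart(LOGS, "user", total_bytes, FILTERS, match="Any"))
```

With Match set to All only one record survives both conditions, while Any pulls in every record that satisfies either one, so the same filter list can produce a very different chart.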


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
