Category Archives: FortiOS 6.2

FortiAnalyzer – FortiOS 6.2.3 – FortiRecorder

Leave a reply

FortiRecorder

The FortiRecorder module allows you to set up, manage, and view cameras directly through the FortiAnalyzer GUI.

Cameras can be set to record continuously and/or when motion is detected. Recorded video is stored in the root storage of the FortiAnalyzer device, however, it can be accessed from other ADOMs.

FortiRecorder includes two panes:

  • Camera Manager: Allows you to configure devices, profiles, and schedules.
  • Monitor: Allows you to view streaming and recorded video from configured devices.

Configuring cameras in the Camera Manager

In the Camera Manager pane, you can set up and manage the cameras connected to the FortiAnalyzer FortiRecorder module.

Creating a camera key

In order to enable cameras in the FortiRecorder module, a camera key must be created.

Camera keys are used by FortiAnalyzer to generate camera admin and operator passwords.

Only one camera key is required per FortiAnalyzer.

To set a camera key in the CLI:

config fortirecorder global

set camera key end

Setting up a camera

New cameras automatically detected by FortiAnalyzer will appear in the FortiRecorder> Camera dashboard.

In order for FortiAnalyzer to detect cameras automatically, the cameras must be:

l Assigned a DHCP address through a connected FortiGate. l Connected with Power over Ethernet (PoE) to the FortiAnalyzer.

If a DHCP server is not available, cameras can also be set up with a static IP address through the Create New menu in the Camera dashboard.

A camera key must be set before cameras can be activated in FortiAnalyzer. See Creating a camera key on page 143.

To activate a camera detected by the FortiAnalyzer:

  1. Go to FortiRecorder > Camera Manager > Camera.
  2. Select the Unauthorized
  3. Right-click a detected camera and select Authorize. The Edit Camera Device menu will open.
  4. Configure the camera settings, then select OK.

Camera settings will vary depending on the model of camera detected. For information on the individual camera settings, see the FortiRecorderAdministration Guide.

  1. Once successfully authorized, the camera will be enabled.

If a camera fails to connect, it will be displayed with an error icon. Right-click the device to Disable it and then attempt to Enable it again. This will reload the default settings for the device and may correct issues which are preventing it from connecting successfully.

In a HA configuration, FortiRecorder devices should only be configured on the FortiAnalyzer device on which they were set up. When attempting to modify a camera being managed by another device, a warning message will be displayed.

Configuring camera profiles

Camera profiles define which video profile, schedules, recording types, and storage options are set for each camera.

You can modify the default camera profiles, create new profiles, or clone an existing profile in the Camera Profile dashboard.

To create or edit a camera profile:

  1. Go to FortiRecorder > Camera Manager > Camera Profile.
  2. Click Create New or select an existing camera profile and click Edit.
  3. Configure the following information:
Name Enter a name to identify the camera profile.
Video Profiles  
Recording profile Select a video profile from the dropdown list to set the resolution, frames per second, video codec, bitrate, quality, and audio of the recorded video. See Configuring video profiles on page 147.
Viewing profile Select a video profile from the dropdown list to set the resolution, frames per second, video codec, bitrate, quality, and audio of the streaming video. See Configuring video profiles on page 147.
Schedule By default, the schedule is set to Always.

New schedules can initially only be added through the FortiAnalyzer CLI. See Assigning camera schedules to a profile on page 148.
Recording & Detection Settings  
Recording type Select the recording type(s). l Continuous: Records video for the entire duration of the schedule, regardless of movement.

l Motion detection: Records a video clip each time the camera’s sensor detects movement.

See Enabling motion detection on page 150.
Schedule By default, the schedule is set as Always.

New schedules can initially only be added through the FortiAnalyzer CLI. See Assigning camera schedules to a profile on page 148.
Storage Options  
Continuous recordings Select the storage options for continuous recordings: l Keep until overwritten: Retain video until all available disk space is nearly full. The oldest video will be overwritten.

l Delete: Remove video when it exceeds the specified maximum age. Note that if the disk is full before the maximum age is reached, the oldest video will still be overwritten.
Detection recordings Select the storage options for detection recordings: l Keep until overwritten: Retain video until all available disk space is nearly full. The oldest video will be overwritten. l Delete: Remove video when it exceeds the specified maximum age. Note that if the disk is full before the maximum age is reached, the oldest video will still be overwritten.

l Use continuous recordings if available: If a recording of the detected event is already stored as a continuous recording, the detection recording will not be saved to avoid duplication.
  1. Select OK.

Configuring video profiles

By default, there are three video profiles.

l low-resolution l med-resolution l high-resolution

The default video profiles can be customized, and new profiles can be created.

To create or edit a video profile:

  1. Go to FortiRecorder > Camera Manager > Video Profile.
  2. Click Create New or select an existing video profile and click Edit.
  3. Configure the following information:
Name Enter a name to identify the video profile.
Video codec Select a video codec from Default, H.264 AVC, and H.265 HEVC.
Resolution Select the amount of detail in the image from the dropdown menu.

Lower resolutions feature less detail but are faster to transmit.

Higher resolutions produce a clearer image but require more bandwidth. A higher resolution is preferable if the camera is recording a large space, such as a parking lot, where small details like faces and license plates could be important.

Note: Resolution greatly impacts performance, bandwidth, and the rate at which the disk space is consumed.
Frames per second Type the number of frames per second (FPS).

Conventional video is 24 frames per second. More frames per second may be useful if you need to record very fast motion, but increasing FPS will also increase disk usage and CPU usage.
Bitrate mode Select a bitrate:

Variable: Automatically adjust the stream to the minimum bitrate required by the current video frames while maintaining video quality.

Fixed: Manually specify a constant bitrate.

Specifying a bitrate that is too low may result in poor quality. Specifying a bitrate that is too high may needlessly consume extra bandwidth.
Bitrate Type the bitrate that will be used.

This setting appears and is applicable only if the Bitrate mode is Fixed.
Quality Select the video quality from Extra Low, Low, Normal, High, and Extra High.
Audio enable Toggle to enable or disable audio in the video stream or recording.
  1. Select OK.

Creating and editing camera schedules

The FortiRecorder module includes one default schedule: Always.

The default schedule can be customized, and new schedules can be created.

To use a custom camera schedule, it must first be assigned to the camera profile through the FortiAnalyzer CLI.

Once assigned, you can use the FortiAnalyzer GUI to select the new schedule for each recording stream or recording type. See Assigning camera schedules to a profile on page 148.

To create or edit a camera schedule:

  1. Go to FortiRecorder > Camera Manager > Schedule.
  2. Click Create New or select an existing schedule and click Edit.
  3. Configure the following information:
Setting name Description
Name Enter a name to identify the camera schedule.
Description Enter a description of the schedule (optional).
Type Select a schedule type:

l Recurring: The schedule happens at specified times on selected days. l One-time: The schedule happens only during the specified date-range.
Days Select the days you want the camera to begin recording if you have selected the Recurring schedule type.
All day Select this option if you want the camera to record all day long.
Start time/End time Select the start and end time for the Recurring recording or the start and end date for the One-time recording.
  1. Select Save.

Assigning camera schedules to a profile

By default, camera profiles are set to use the Always schedule.

To assign a custom schedule to a camera profile, you must first enable it through the CLI. Once enabled, a table is added to the Camera Profile editor which allows you to select the custom schedule.

After the first custom schedule has been enabled on a profile, subsequent schedules can be selected directly through the GUI. New schedules can be created by clicking the Create New button above the table.

For more information on creating a custom schedule, see Creating and editing camera schedules on page 148.

To enable a recording schedule in the FortiAnalyzer CLI:

config fortirecorder camera profile edit [profile name] config recording-schedule edit [schedule name]

end

To enable a video schedule in the FortiAnalyzer CLI:

config fortirecorder camera profile edit [profile name] config video-schedule edit [schedule name]

end

To assign the schedule through the GUI:

  1. Go to FortiRecorder > Camera Manager > Camera Profile.
  2. Select the camera profile and click Edit.

A table appears underneath the Video Profiles and/or Recordings & Detections Settings sections, depending on where you enabled the schedule.

  1. Select a recording type or recording stream, then click Edit.
  2. Select a schedule from the dropdown menu.
  3. Click OK.

 

Enabling motion detection

Motion detection can be enabled on cameras through the Camera Profile.

To enable motion detection:

  1. Go to FortiRecorder > Camera Profile.
  2. Click Create New or select an existing camera profile and click Edit.
  3. In Recordings & Detections Settings select Motion detection as the recording type.

Both Continuous and Motion detection recording types can be enabled at the same time.

  1. Enter any additional settings you want to configure for this camera profile and click OK.
  2. Go to FortiRecorder > Camera and double click the camera where motion detection is to be enabled.
  3. In the camera settings, select the profile where motion detection is enabled.
  4. Select OK.

Motion detected recordings can be viewed in the Monitor dashboard, and is identified in red in the camera’s activity timeline. See Watching live and recorded video in the Monitor on page 150.

Watching live and recorded video in the Monitor

The Monitor pane allows you to view the streaming and recorded video captured by devices configured to the FortiAnalyzer.

To view a video stream:

  1. Go to FortiRecorder > Monitor.
  2. Click Add Widget.
  3. Select the device to be displayed from the dropdown menu.
  4. Once added, the widget displays the video stream from the selected camera.

To watch recorded video:

  1. Go to FortiRecorder > Monitor. The recorded video clips for each camera appear in a timeline below the video stream.
  2. To locate a video clip, use the scroll wheel on your mouse to zoom in on a time frame. Ensure that your mouse cursor is centered in the area that you want to zoom in. You can also navigate the timeline by dragging it to the left or right.
  3. Click on a recorded video in the timeline to begin playback. Time periods in the timeline panel are color-coded: l Light blue: Recorded video clips. l Red: A motion detection-based recording that was not initiated by a schedule. l White/blank: No recording at that time period.
  4. To return to the live stream from the recording view, click Back to Live.

Video can also be viewed in a Picture in picture mode.

This option opens a small window which persists outside of the browser.

To launch Picture in picture mode, select the menu icon on the bottom-right side of the video and choose Picture in picture.

Enabling and disabling FortiRecorder

By default, the FortiRecorder module is disabled in FortiAnalyzer.

The FortiRecorder module can be enabled or disabled on supported platforms through the FortiAnalyzer CLI.

To enable the FortiRecorder module in the CLI:

config system global set disable-module none

end

To disable the FortiRecorder module in the CLI:

config system global set disable-module fortirecorder

end

Supported platforms and cameras

Supported platforms

Below is a list of the FortiAnalyzer appliances that support the FortiRecorder module.

Platform   Maximum number of cameras Storage (TB)
FAZ-200F   4 4
FAZ-300F   6 4
FAZ-400E   12 6
FAZ-800F   16 8
FAZ-1000E   30 18
FAZ-2000E   40 30
FAZ-3000F   50 42
FAZ-3700F   60 216

Supported cameras

The following FortiCamera models are supported in the FortiRecorder module: l FCM-CB20 l FCM-FD20 l FCM-FD20B l FCM-FD40 l FCM-MB40 l FCM-MD20 l FCM-MD40 l FCM-OB30

 

FortiAnalyzer – FortiOS 6.2.3 – Report calendar

Leave a reply

Report calendar

You can use the report calendar to view all the reports that are scheduled for the selected month. You can edit or disable upcoming report schedules, as well as delete or download completed reports.

Viewing all scheduled reports

To view all scheduled reports:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Advanced > Report Calendar.
  3. Hover the mouse cursor over a calendar entry to display the name, status, and device type of the scheduled report.
  4. Click a generated report to download it.
  5. Click a scheduled report to go to the Settings tab of the report.
  6. Click the left or right arrow at the top of the Report Calendar pane to change the month that is displayed. Click Today to return to the current month.

Managing report schedules

You can manage report schedules in Reports > Advanced > Report Calendar.

To edit a report schedule:

  1. In Report Calendar, right-click an upcoming calendar entry, and select Edit.
  2. In the Settings tab of the report that opens, edit the corresponding report schedule.

To disable a report schedule:

In Report Calendar, right-click an upcoming calendar entry, and select Disable. All scheduled instances of the report are removed from the report calendar. Completed reports remain in the report calendar.

To delete or download a completed report:

In Report Calendar, right-click a past calendar entry, and select Delete or Download. The corresponding completed report will be deleted or downloaded.

 

FortiAnalyzer – FortiOS 6.2.3 – Report languages

Leave a reply

Report languages

You can specify the language of reports when creating a report.

Exporting and modifying a language

You can export a language and modify it to create a different language or modify the text in a predefined language.

One way to create a new language is to export a predefined language, modify the text to a different language, save the file as a different language name, and import it back into FortiAnalyzer. The file name must be one of the languages in the Advanced Settings section of the Reports Settings tab > Language dropdown list.

If you want to modify a predefined language, export the predefined language, modify the text, and import it back into FortiAnalyzer.

To export and modify a language:

  1. Go to Reports > Advanced > Language.
  2. Select a language and click Export. The language is exported as a zip file into your default downloads folder.
  3. Extract the zip file and use a text editor to modify it.
  4. Change the text after the equal sign (=) to a different language or text.
  5. Zip the modified file. The file name must be one of the languages in the Advanced Settings section of the Reports Settings tab > Language dropdown list.

The new language file is ready to be imported into FortiAnalyzer.

Importing a language

To import a language:

  1. Go to Reports > Advanced > Language.
  2. Click Import and locate the language file.

The language file must be a zip file with only one language file in it. Both the language file name and zip file name must be one of the language names in the Advanced Settings section of the Reports Settings tab > Language dropdown list.

  1. Import the language zip file.

In Reports > Advanced > Language, you can select this language when you create or run reports.

FortiAnalyzer – FortiOS 6.2.3 – Output profiles

1 Reply

Output profiles

Output profiles allow you to define email addresses to which generated reports are sent and provide an option to upload the reports to FTP, SFTP, or SCP servers. Once created, an output profile can be specified for a report.

Creating output profiles

To create output profiles:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Advanced > Output Profile.
  3. Click Create New. The Create Output Profile pane is displayed.
  4. Provide the following information, and click OK:
Name Enter a name for the new output profile.
Comments Enter a comment about the output profile (optional).
Output Format Select the format or formats for the generated report. You can choose PDF, HTML, XML, or CSV format.
Email Generated Reports Enable emailing of generated reports.
Subject Enter a subject for the report email.
Body Enter body text for the report email.
Recipients Select the email server from the dropdown list and enter to and from email addresses. Click Add to add another entry so that you can specify multiple recipients.
Upload Report to Server Enable uploading of generated reports to a server.
Server Type Select FTP, SFTP, or SCP from the dropdown list.
Server Enter the server IP address.
User Enter the username.
Password Enter the password.
Directory Specify the directory where the report will be saved.
Delete file(s) after uploading Select to delete the generated report after it has been uploaded to the selected server.

Managing output profiles

You can manage output profiles by going to Reports > Advanced > Output Profile. Some options are available as buttons on the toolbar. Some options are available in the right-click menu. Right-click an output profile to display the menu.

Option Description
Create New Creates a new output profile.
Edit Edits the selected output profile.
Delete Deletes the selected output profile.

FortiAnalyzer – FortiOS 6.2.3 – Datasets

Leave a reply

Datasets

Use the Datasets pane to create, edit, and manage your datasets.

Creating datasets

FortiAnalyzer datasets are collections of data from logs for monitored devices. Charts and macros reference datasets. When you generate a report, the datasets populate the charts and macros to provide data for the report.

FortiAnalyzer has many predefined datasets that you can use right away. You can also create your own custom datasets.

To create a new dataset:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Report Definitions > Datasets, and click Create New.
  3. Provide the required information for the new dataset.
Name                                       Enter a name for the dataset.
Log Type                                 Select a log type from the dropdown list.

l  The following log types are available for FortiGate: Application Control,

Intrusion Prevention, Content Log, Data Leak Prevention, Email Filter,

Event, Traffic, Virus, VoIP, Web Filter, Vulnerability Scan, FortiClient Event, FortiClient Traffic, FortiClient Vulnerability Scan, Web Application Firewall, GTP, DNS, SSH, and Local Event.

l  The following log types are available for FortiMail: Email Filter, Event, History, and Virus.

l  The following log types are available for FortiWeb: Intrusion Prevention, Event, and Traffic.
Query Enter the SQL query used for the dataset. An easy way to build a custom query is to copy and modify a predefined dataset’s query.
Variables                                Click the Add button to add variable, expression, and description information.
Test query with specified devices and time period
Time Period             Use the dropdown list to select a time period. When selecting Custom, enter the start date and time, and the end date and time.
Devices       Select All Devices or Specify to select specific devices to run the SQL query against. Click the Select Device button to add multiple devices to the query.
                     Test                         Click to test the SQL query before saving the dataset configuration.
  1. Click Test.

The query results are displayed. If the query is not successful, an error message appears in the Test Result pane.

  1. Click OK.

Viewing the SQL query of an existing dataset

You can view the SQL query for a dataset, and test the query against specific devices or all devices.

To view the SQL query for an existing dataset:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Report Definitions > Datasets.
  3. Hover the mouse cursor over the dataset on the dataset list. The SQL query is displayed as a tooltip. You can also open the dataset to view the Query

SQL query functions

In addition to standard SQL queries, the following are some SQL functions specific to FortiAnalyzer. These are based on standard SQL functions.

root_domain(hostname) The root domain of the FQDN. An example of using this function is:

select devid, root_domain(hostname) as website FROM $log WHERE’user’=’USER01′ GROUP BY devid, hostname ORDER BY hostname LIMIT 7
nullifna(expression) This is the inverse operation of coalesce that you can use to filter out n/a values. This function takes an expression as an argument. The actual SQL syntax this is base on is select nullif(nullif(expression, ‘N/A’), ‘n/a’).

In the following example, if the user is n/a, the source IP is returned, otherwise the username is returned.

select coalesce(nullifna(‘user’), nullifna(‘srcip’)) as user_ src, coalesce(nullifna(root_domain(hostname)),’unknown’) as domain FROM $log WHERE dstport=’80’ GROUP BY user_src, domain ORDER BY user_src LIMIT 7
email_domain email_user email_domain returns the text after the @ symbol in an email address. email_user returns the text before the @ symbol in an email address. An example of using this function is:

select ‘from’ as source, email_user(‘from’) as e_user, email_ domain(‘from’) as e_domain FROM $log LIMIT 5 OFFSET 10
from_dtime from_itime from_dtime(bigint) returns the device timestamp without time zone. from_itime(bigint) returns FortiAnalyzer’s timestamp without time zone. An example of using this function is:

select itime, from_itime(itime) as faz_local_time, dtime, from_ dtime(dtime) as dev_local_time FROM $log LIMIT 3

Managing datasets

You can manage datasets by going to Reports > Report Definitions > Datasets. Some options are available as buttons on the toolbar. Some options are available in the right-click menu. Right-click a dataset to display the menu.

Option Description
Create New Creates a new dataset.
Edit Edits the selected dataset. You can edit datasets that you created. You cannot edit predefined datasets.
View Displays the settings for the selected dataset. You cannot edit predefined datasets.
Delete Deletes the selected dataset. You can delete datasets that you create. You cannot delete predefined datasets.
Clone Clones the selected dataset. You can edit cloned datasets.
Validate Validate selected datasets.
Validate All Custom Validates all custom datasets.
Search Lets you search for a dataset name.

FortiAnalyzer – FortiOS 6.2.3 – Macro library

Leave a reply

Macro library

Use the Macro library to create, edit, and manage your macros.

Creating macros

FortiAnalyzer includes a number of predefined macros. You can also create new macros, or clone and edit existing macros.

Macros are predefined to use specific datasets and queries. They are organized into categories, and can be added to, removed from, and organized in reports.

To create a new macro:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Report Definitions > Macro Library, and click Create New. The Create Macro pane is displayed.
  3. Provide the required information for the new macro.
Name Enter a name for the macro.
Description Enter a description of the macro.
Dataset Select a dataset from the dropdown list.The options will vary based on device type.
Query Displays the query statement for the dataset selected.
Data Binding The data bindings vary depending on the dataset selected. Select a data binding from the dropdown list.
Display Select a value from the dropdown list.
  1. Click OK. The newly created macro is shown in the Macro library.

Managing macros

You can manage macros by Reports > Report Definitions > Macro Library. Some options are available as buttons on the toolbar. Some options are available in the right-click menu. Right-click a macro to display the menu.

Option   Description
Create New   Creates a new macro.
Edit   Edits the selected macro. You can edit macros that you created. You cannot edit predefined macros.
View   Displays the settings for the selected macro. You cannot edit a predefined macro.
Delete   Deletes the selected macro. You can delete macros that you create. You cannot delete predefined macros.
Clone   Clones the selected macro.
Show Predefined   Displays the predefined macros.
Show Custom   Displays the custom macros.
Search   Lets you search for a macro name.

Viewing datasets associated with macros

To view datasets associated with macros:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Report Definitions> Macro Library.
  3. Select a macro, and click View (for predefined macros) or Edit (for custom macros) in the toolbar.
  4. In the View Macro or Edit Macro pane, find the name of the dataset associated with the macro in the Dataset
  5. Go to Reports > Report Definitions> Datasets.
  6. In the Search box, type the name of the dataset.
  7. Double-click the dataset to view it.

FortiAnalyzer – FortiOS 6.2.3 – Chart library

Leave a reply

Chart library

Use the Chart library to create, edit, and manage your charts.

In a Security Fabric ADOM, you can insert charts from all device types into a single report.

Creating charts

To create charts:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Report Definitions > Chart Library.
  3. Click Create New in the toolbar.
  4. Configure the settings for the new chart, the click OK.
Name Enter a name for the chart.
Description Enter a description of the chart.
Dataset Select a dataset from the dropdown list. For more information, see Datasets on page 136. Options vary based on device type.
Resolve Hostname Select to resolve the hostname. Select one of the following: Inherit, Enabled, or Disabled.
Chart Type Select a graph type from the dropdown list; one of: Table, Bar, Pie, Line, Area, Donut, or Radar. This selection affects the rest of the available selections.
Data Bindings The data bindings vary depending on the chart type selected.
Table  
Table Type Select Regular, Ranked, or Drilldown.
Add Column Select to add a column. Up to 15 columns can be added for a Regular table.

Ranked tables have two columns, and Drilldown tables have three columns.
Columns The following column settings must be set: l Column Title: Enter a title for the column. l Width: Enter the column width as a percentage.

Data Binding: Select a value from the dropdown list. The options vary depending on the selected dataset.

Format: Select a value from the dropdown list.

Add Data Binding: Add data bindings to the column. Every column must have at least one data binding. The maximum number varies depending

 

  on the table type.
Order By Select what to order the table by. The available options vary depending on the selected dataset.
Show Top Enter a numerical value. Only the first ‘X’ items are displayed. Other items can be bundled into the Others category for Ranked and Drilldown tables.
Drilldown

Top

 Enter a numerical value. Only the first ‘X’ items are displayed. This options is only available for Drilldown tables.
Bar  
X-Axis Data Binding: Select a value from the dropdown list. The available options vary depending on the selected dataset.

Label: Enter a label for the axis.

Show Top: Enter a numerical value. Only the first ‘X’ items are displayed.

Other items are bundled into the Others category.
Y-axis Data Binding: Select a value from the dropdown list. The available options vary depending on the selected dataset.

Format: Select a format from the dropdown list: Bandwidth, Counter, Default, Percentage, or Severity. l Label: Enter a label for the axis.
Bundle rest into “Others” Select to bundle the rest of the results into an Others category.
Group By l Data Binding: Select a value from the dropdown list. The available options vary depending on the selected dataset. l Show Top: Enter a numerical value. Only the first ‘X’ items are displayed.

Other items can be bundled into the Others category.
Order By Select to order by the X-Axis or Y-Axis.
Pie, Donut, or Radar  
Category Data Binding: Select a value from the dropdown list. The available options vary depending on the selected dataset.

Label: Enter a label for the axis.

Show Top: Enter a numerical value. Only the first ‘X’ items are displayed.

Other items can be bundled into the Others category.
Series Data Binding: Select a value from the dropdown list. The available options vary depending on the selected dataset.

Format: Select a format from the dropdown list: Bandwidth, Counter, Default, Percentage, or Severity. l Label: Enter a label for the axis.
Bundle rest into “Others” Select to bundle the rest of the results into an Others category.
Line or Area  
X-Axis l Data Binding: Select a value from the dropdown list. The available
  options vary depending on the selected dataset.

l Format: Select a format from the dropdown list: Default, or Time. l Label: Enter a label for the axis.
Lines Data Binding: Select a value from the dropdown list. The available options vary depending on the selected dataset.

Format: Select a format from the dropdown list: Bandwidth, Counter, Default, Percentage, or Severity.

Type: Select the type from the dropdown list: Line Up or Line Down. l Legend: Enter the legend text for the line.
Add line Select to add more lines.

Managing charts

Manage your charts in Reports > Report Definitions > Chart Library. Some options are available as buttons on the toolbar. Some options are available in the right-click menu. Right-click a chart to display the menu.

Option Description
Create New Creates a new chart.
Edit Edits a chart. You can edit charts that you created. You cannot edit predefined charts.
View Displays the settings for the selected predefined chart. You cannot edit a predefined chart.
Delete Deletes the selected chart. You can delete charts that you create. You cannot delete predefined charts.
Clone Clones the selected chart.
Import Imports a previously exported FortiAnalyzer chart.
Export Exports one or more FortiAnalyzer charts.
Show Predefined Displays the predefined charts.
Show Custom Displays the custom charts.
Search Lets you search for a chart name.

Viewing datasets associated with charts

To view datasets associated with charts:

  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Reports > Report Definitions > Chart Library.
  3. Select a chart, and click View in the toolbar.
  4. In the View Chart pane, find the name of the dataset associated with the chart in the Dataset
  5. Go to Reports > Report Definitions > Datasets.
  6. In the Search box, type the name of the dataset.
  7. Select the dataset that is found, and click View in the toolbar to view it.

Viewing event details and Acknowledging Events – FortiAnalyzer

Leave a reply

Viewing event details

In an event list, to view event details, double-click an event line to drill down for more details.

The event details page contains information about the event and a list of all individual logs. You can work on events using buttons in the toolbar or by right-clicking an event. l To change what columns to display, click Column Settings or Column Settings > More Columns. l In event details, to view raw logs, click Tools > Display Raw. l To switch back to formatted log view, click Tools > Formatted Log. l To return to the previous page, click the back button.

Acknowledging events

Acknowledging an event removes it from the event list. Click Show Acknowledged to view acknowledged events.

To acknowledge events:

l In the event list, select one or more events, then right-click and select Acknowledge.