
Agenda

GUI Overview
Looking at Logging
Log View
Event Logs
Reporting
Datasets
Charts
Creating custom reports
Report settings

GUI Overview

ADOM

Function Selector

FortiAnalyzer Functions

ADOM & Notifications Menu

System Settings

ADOM Administrators

Device Manager

FortiView

FortiAnalyzer 5.4 Visualizations


FortiView Bubble Charts
Animated charts for visualizing FortiView groupings
Hover friendly (for more details)

FortiView Heat Maps


Heat maps display activity plotted against a world map

FortiView Export to PDF


Currently displayed FortiView can be exported as a report


GUI FortiView Top Applications


FortiAnalyzer 5.4 Threat Map


Worldwide Threat Visibility
View risks posed to FortiGates distributed globally
Threats identified by name, severity and location
Constrained to ADOM/customer (not FTNT customers at large)
Full screen mode available for NOC war room monitoring


Log View


Event Monitor


Reports


Looking at the Logs

Log View
Types of Logs
Traffic
Event
Security

Logs are searchable


Tools drop down
Case sensitive search
Raw logs
Chart Builder

Formatted logs vs Raw Logs


Chart Builder
Simplifies Chart and dataset creation process

Available in the Tools drop down
Preview shows what the chart will be showing
Changes to the Chart need to be made in the Chart Library


Event Monitor


Event Details


Event Handler
Can send alerts for different events
Events can be local FortiAnalyzer events or log events from devices sending logs to the FortiAnalyzer

By default only Local Device Events are enabled


Reporting Overview

Reporting Overview
Reports - set of data organized as charts
When ADOMs are enabled, reports are ADOM specific

Charts consist of data from a dataset and a format


Dataset is the output of a SQL SELECT statement
Format is how the dataset is displayed
Pie Chart
Bar Chart
Tables


Datasets and Chart Basics

Dataset Overview
FortiAnalyzer internal database is PostgreSQL
Dataset is an SQL query
Uses the SQL select statement


SQL Basics
Root structure of an SQL database is a table
Tables consist of rows and columns
Columns have unique identifiers and defined data types
Rows contain a group of column values which match the defined data type for the column or are null
Null has no value. In SQL it does NOT mean 0

Schemas logically group objects like tables

Select statements declare what information should be gathered, not how to gather the information.
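
Added example (not from the original slides): a dataset-style PostgreSQL query over a constructed table, showing how a null byte counter differs from a real 0 once the rows are aggregated for a chart. The table name, column names and sample rows are assumptions for illustration, not FortiAnalyzer's actual log schema.

```sql
-- Constructed sample table standing in for a traffic log (hypothetical schema).
CREATE TEMP TABLE traffic_log (
    srcip    inet NOT NULL,
    app      text,     -- NULL when the application was not identified
    sentbyte bigint,   -- NULL when no byte counter was recorded
    rcvdbyte bigint
);

-- Constructed rows: note the difference between "no value" and "zero bytes".
INSERT INTO traffic_log (srcip, app, sentbyte, rcvdbyte) VALUES
    ('10.0.0.5', 'HTTPS', 1200, 5400),
    ('10.0.0.5', 'HTTPS', NULL, NULL),  -- logged without counters
    ('10.0.0.5', 'DNS',     80,  160),
    ('10.0.0.9', NULL,       0,    0),  -- a real zero: nothing was sent
    ('10.0.0.9', 'SSH',    900, NULL);

-- The SELECT declares WHAT to return (one row per source); the database
-- decides how to scan, group and sort.
SELECT
    srcip,
    count(*)                          AS sessions,            -- every row
    count(sentbyte)                   AS sessions_with_bytes, -- skips NULLs only
    sum(sentbyte)                     AS sent_total,          -- NULLs ignored
    round(avg(sentbyte))              AS avg_sent_reported,   -- NULL rows excluded
    round(avg(coalesce(sentbyte, 0))) AS avg_sent_null_as_0,  -- NULL forced to 0
    -- NULL + number is NULL, so guard each operand before adding
    sum(coalesce(sentbyte, 0) + coalesce(rcvdbyte, 0)) AS bandwidth
FROM traffic_log
GROUP BY srcip
ORDER BY bandwidth DESC;

-- NULL never equals anything, including NULL: use IS NULL to find
-- sessions with an unidentified application.
SELECT count(*) AS filtered_with_equals  FROM traffic_log WHERE app = NULL;
SELECT count(*) AS filtered_with_is_null FROM traffic_log WHERE app IS NULL;
```

For 10.0.0.5 the two averages differ because the row without counters is skipped in one and counted as 0 in the other; a chart bound to the wrong column would under-report per-session traffic.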

Chart Basics
Chart Library is ADOM specific
Charts convert text based results from a dataset into a graphical format
The following are needed to create a chart:
The dataset where the data will come from
How the data will be displayed (chart type)
Determine the data binding

Cloning of existing chart makes chart creation easier


Manual Chart Creation


Reports

Predefined reports
There are many reports which come predefined on the FortiAnalyzer

These reports can be cloned

Different folders have been created for easier navigation


Cloning Reports
Allows creation of similar reports without changing the original report

Cloned reports can be deleted unlike predefined reports


Custom Reports


Report Settings


Output Profiles


Filters


Report Layout

