Advertisement
I have a Fortigate 30e with Webfiltering and FortiClient EMS server with Webfiltering (small shop)
\nNo FortiAnalyzer
\nNo AD or user integration
\nNo explicit proxy in clients / browsers<\/p>\n
I would like to report on all traffic, or at least web 80/443 to begin with
\nDate time
\nSource IP and host name (internal reverse DNS…?)
\nDest IP and domain
\nURL (if web traffic)<\/p>\n
Is there a way to parse the logs that are already being collected into a readable/usable format? After the investment already made and having 2 tools that filter web traffic, I would rather not pay huge $$ for a report reader…<\/p>","upvoteCount":2,"answerCount":7,"datePublished":"2018-08-13T16:31:25.000Z","author":{"@type":"Person","name":"brianwillms","url":"https://community.spiceworks.com/u/brianwillms"},"acceptedAnswer":{"@type":"Answer","text":"
You should check if Forticloud his enough for your need.<\/p>","upvoteCount":1,"datePublished":"2018-08-15T17:57:27.000Z","url":"https://community.spiceworks.com/t/fortigate-web-filter-reports/667457/3","author":{"@type":"Person","name":"bishop200","url":"https://community.spiceworks.com/u/bishop200"}},"suggestedAnswer":[{"@type":"Answer","text":"
I have a Fortigate 30e with Webfiltering and FortiClient EMS server with Webfiltering (small shop)
\nNo FortiAnalyzer
\nNo AD or user integration
\nNo explicit proxy in clients / browsers<\/p>\n
I would like to report on all traffic, or at least web 80/443 to begin with
\nDate time
\nSource IP and host name (internal reverse DNS…?)
\nDest IP and domain
\nURL (if web traffic)<\/p>\n
Is there a way to parse the logs that are already being collected into a readable/usable format? After the investment already made and having 2 tools that filter web traffic, I would rather not pay huge $$ for a report reader…<\/p>","upvoteCount":2,"datePublished":"2018-08-13T16:31:25.000Z","url":"https://community.spiceworks.com/t/fortigate-web-filter-reports/667457/1","author":{"@type":"Person","name":"brianwillms","url":"https://community.spiceworks.com/u/brianwillms"}},{"@type":"Answer","text":"
You probably should look into syslog function, to send those entries to a log aggregator/analyzer like Splunk, Logentries, ELK, Kiwi etc. There are a lot of options depending on log volume, cost, ease of use. I have a free Splunk instance that I use for only small amounts of logs when debugging.<\/p>","upvoteCount":0,"datePublished":"2018-08-14T15:28:30.000Z","url":"https://community.spiceworks.com/t/fortigate-web-filter-reports/667457/2","author":{"@type":"Person","name":"mtneagle","url":"https://community.spiceworks.com/u/mtneagle"}},{"@type":"Answer","text":"
Forticloud is very much what I am looking for! Thanks! Is there a way to convert Source and Destination IP’s to names?<\/p>","upvoteCount":0,"datePublished":"2018-08-15T18:13:19.000Z","url":"https://community.spiceworks.com/t/fortigate-web-filter-reports/667457/4","author":{"@type":"Person","name":"brianwillms","url":"https://community.spiceworks.com/u/brianwillms"}},{"@type":"Answer","text":"
Seem that it doesn’t. I do get username, but not the computer one.<\/p>","upvoteCount":0,"datePublished":"2018-08-16T11:57:28.000Z","url":"https://community.spiceworks.com/t/fortigate-web-filter-reports/667457/5","author":{"@type":"Person","name":"bishop200","url":"https://community.spiceworks.com/u/bishop200"}},{"@type":"Answer","text":"
Anyone know how to get name resolution on these reports? @bishop19<\/span> and I would love to know!<\/p>","upvoteCount":0,"datePublished":"2018-08-16T12:58:20.000Z","url":"https://community.spiceworks.com/t/fortigate-web-filter-reports/667457/6","author":{"@type":"Person","name":"brianwillms","url":"https://community.spiceworks.com/u/brianwillms"}},{"@type":"Answer","text":" Seem like we are out of luck on this one : Workstation Hostnames in Logs - Fortinet Community<\/a> , except if we pay for Forticloud…<\/p>","upvoteCount":0,"datePublished":"2018-08-16T16:41:41.000Z","url":"https://community.spiceworks.com/t/fortigate-web-filter-reports/667457/7","author":{"@type":"Person","name":"bishop200","url":"https://community.spiceworks.com/u/bishop200"}}]}}