Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config log report

Use this command to configure on-demand or scheduled reports.

Before you begin:

  • You must have read-write permission for log settings.

Syntax

config log report

edit <name>

set email-format pdf

set email-attachname <string>

set email-body <string>

set email-compress {enable|disable}

set email-subject <string>

set on-schedule {enable|disable}

set period-relative {absolute|last-2-weeks|last-7-days|last-14-days|last-30-days|last-N-days|last-N-hours|last-N-weeks| last-month|last-quarter|last-week|this-month|this-quarter|this-week|this-year|today|yesterday}

set period-absolute-from <YYYY-MM-DD-HH:MM:SS>

set period-absolute-to <YYYY-MM-DD-HH:MM:SS>

set queryset <datasource>

set schedule-hour <integer>

set schedule-type {daily|weekdays}

set schedule-weekdays {friday monday saturday sunday thursday tuesday wednesday}

next

end

 

email-format

Attachment format. Only PDF is supported. If you schedule reports and set this option, the report is sent on schedule to all addresses in the config log report email list.

email-attachname

Filename for attachment.

email-body

Message body.

email-compress

Enable/disable compression of the attachment.

email-subject

Message subject.

on-schedule

Enable/disable reporting on schedule.

period-relative

Report period relative to the time it is generated.

period-absolute-from

If period-relative is set to absolute, specify from and to timestamps for one-time reports for a specified time range.

period-absolute-to

queryset

Specify a space-separated list of queries to include in the report attachment. There are many predefined queries, and you can configure user-defined queries with the config log report_queryset command.

schedule-hour

0-23.

schedule-type

Daily or on specified days.

schedule-weekdays

If you do not schedule the report daily, specify the days on which to run it.

Example

FortiADC-docs # config log report

FortiADC-docs (report) # edit my_report

Add new entry 'my_report' for node 1962

 

FortiADC-docs (my_report) # get

on-schedule : enable

queryset :

email-format :

period-relative : yesterday

schedule-type : schedule-hour : 12

 

FortiADC-docs (my_report) # set queryset ?

<datasource> query list

SLB-Top-Policy-By-Bytes log.report_queryset

SLB-Top-Source-By-Bytes log.report_queryset

SLB-Top-Source-Country-By-Bytes log.report_queryset

SLB-History-Flow-By-Bytes log.report_queryset

LLB-Top-Link-by-Bytes log.report_queryset

LLB-History-Flow-By-Bytes log.report_queryset

DNS-Top-Policy-by-Count log.report_queryset

DNS-Top-Source-by-Count log.report_queryset

Attack-Top-Destination-For-IPReputation-By-Count log.report_queryset

Attack-Top-Source-For-IPReputation-By-Count log.report_queryset

Attack-Top-Source-Country-For-IPReputation-By-Count log.report_queryset

Attack-Top-Destination-For-GEO-By-Count log.report_queryset

Attack-Top-Source-For-GEO-By-Count log.report_queryset

Attack-Top-Source-Country-For-GEO-By-Count log.report_queryset

Attack-Top-Destination-For-WAF-By-Count log.report_queryset

Attack-Top-Source-For-WAF-By-Count log.report_queryset

Attack-Top-Source-Country-For-WAF-By-Count log.report_queryset

Attack-Top-Destination-For-Synflood-By-Count log.report_queryset

Event-Top-Admin-Login-By-Count log.report_queryset

Event-Top-Failed-Admin-Login-By-Count log.report_queryset

Event-Top-Admin-Config-By-Count log.report_queryset

 

FortiADC-docs (my_report) # set queryset SLB-Top-Source-Country-By-Bytes Attack-Top-Source-Country-For-WAF-By-Count

FortiADC-docs (my_report) # set email-format pdf

FortiADC-docs (my_report) # set schedule-type daily

FortiADC-docs (my_report) # set email-attachname "Daily_Country_Report"

FortiADC-docs (my_report) # set email-body "This report was sent by your website admin. Please contact admin@example.com to request changes to daily report metrics."

 

FortiADC-docs (my_report) # get

on-schedule : enable

queryset : SLB-Top-Source-Country-By-Bytes Attack-Top-Source-Country-For-WAF-By-Count

email-format : pdf

email-subject : "Daily Country Report" email-body : "This report was sent by your website admin. Please contact admin@example.com to request changes to daily report metrics."

email-attachname : Daily_Country_Report

email-compress : enable period-relative : yesterday

schedule-type : daily schedule-hour : 12

 

FortiADC-docs (my_report) # end

 

config log report

Use this command to configure on-demand or scheduled reports.

Before you begin:

  • You must have read-write permission for log settings.

Syntax

config log report

edit <name>

set email-format pdf

set email-attachname <string>

set email-body <string>

set email-compress {enable|disable}

set email-subject <string>

set on-schedule {enable|disable}

set period-relative {absolute|last-2-weeks|last-7-days|last-14-days|last-30-days|last-N-days|last-N-hours|last-N-weeks| last-month|last-quarter|last-week|this-month|this-quarter|this-week|this-year|today|yesterday}

set period-absolute-from <YYYY-MM-DD-HH:MM:SS>

set period-absolute-to <YYYY-MM-DD-HH:MM:SS>

set queryset <datasource>

set schedule-hour <integer>

set schedule-type {daily|weekdays}

set schedule-weekdays {friday monday saturday sunday thursday tuesday wednesday}

next

end

 

email-format

Attachment format. Only PDF is supported. If you schedule reports and set this option, the report is sent on schedule to all addresses in the config log report email list.

email-attachname

Filename for attachment.

email-body

Message body.

email-compress

Enable/disable compression of the attachment.

email-subject

Message subject.

on-schedule

Enable/disable reporting on schedule.

period-relative

Report period relative to the time it is generated.

period-absolute-from

If period-relative is set to absolute, specify from and to timestamps for one-time reports for a specified time range.

period-absolute-to

queryset

Specify a space-separated list of queries to include in the report attachment. There are many predefined queries, and you can configure user-defined queries with the config log report_queryset command.

schedule-hour

0-23.

schedule-type

Daily or on specified days.

schedule-weekdays

If you do not schedule the report daily, specify the days on which to run it.

Example

FortiADC-docs # config log report

FortiADC-docs (report) # edit my_report

Add new entry 'my_report' for node 1962

 

FortiADC-docs (my_report) # get

on-schedule : enable

queryset :

email-format :

period-relative : yesterday

schedule-type : schedule-hour : 12

 

FortiADC-docs (my_report) # set queryset ?

<datasource> query list

SLB-Top-Policy-By-Bytes log.report_queryset

SLB-Top-Source-By-Bytes log.report_queryset

SLB-Top-Source-Country-By-Bytes log.report_queryset

SLB-History-Flow-By-Bytes log.report_queryset

LLB-Top-Link-by-Bytes log.report_queryset

LLB-History-Flow-By-Bytes log.report_queryset

DNS-Top-Policy-by-Count log.report_queryset

DNS-Top-Source-by-Count log.report_queryset

Attack-Top-Destination-For-IPReputation-By-Count log.report_queryset

Attack-Top-Source-For-IPReputation-By-Count log.report_queryset

Attack-Top-Source-Country-For-IPReputation-By-Count log.report_queryset

Attack-Top-Destination-For-GEO-By-Count log.report_queryset

Attack-Top-Source-For-GEO-By-Count log.report_queryset

Attack-Top-Source-Country-For-GEO-By-Count log.report_queryset

Attack-Top-Destination-For-WAF-By-Count log.report_queryset

Attack-Top-Source-For-WAF-By-Count log.report_queryset

Attack-Top-Source-Country-For-WAF-By-Count log.report_queryset

Attack-Top-Destination-For-Synflood-By-Count log.report_queryset

Event-Top-Admin-Login-By-Count log.report_queryset

Event-Top-Failed-Admin-Login-By-Count log.report_queryset

Event-Top-Admin-Config-By-Count log.report_queryset

 

FortiADC-docs (my_report) # set queryset SLB-Top-Source-Country-By-Bytes Attack-Top-Source-Country-For-WAF-By-Count

FortiADC-docs (my_report) # set email-format pdf

FortiADC-docs (my_report) # set schedule-type daily

FortiADC-docs (my_report) # set email-attachname "Daily_Country_Report"

FortiADC-docs (my_report) # set email-body "This report was sent by your website admin. Please contact admin@example.com to request changes to daily report metrics."

 

FortiADC-docs (my_report) # get

on-schedule : enable

queryset : SLB-Top-Source-Country-By-Bytes Attack-Top-Source-Country-For-WAF-By-Count

email-format : pdf

email-subject : "Daily Country Report" email-body : "This report was sent by your website admin. Please contact admin@example.com to request changes to daily report metrics."

email-attachname : Daily_Country_Report

email-compress : enable period-relative : yesterday

schedule-type : daily schedule-hour : 12

 

FortiADC-docs (my_report) # end