config log report_queryset

Use this command if you need to configure report queries that are different from the predefined queries.

Before you begin:

  • You must have read-write permission for log settings.

After you have configured a query, you can select it in the report configuration.

Syntax

config log report_queryset
  edit <name>
    set module {attack|dns|event|llb|slb}
    set attack_sort_type count
    set attack_subtype {top_destip_for_geo|top_destip_for_ipreputation|top_destip_for_sysflood|top_destip_for_waf|top_source_country_for_geo|top_source_country_for_ipreputation|top_source_country_for_waf|top_source_for_geo|top_source_for_ipreputation|top_source_for_waf}
    set dns_sort_type count
    set dns_subtype {top_policy|top_source}
    set event_sort_type count
    set event_subtype {top_admin_config|top_admin_login|top_failed_admin_login}
    set llb_subtype {top_link|slb_history_flow}
    set slb_subtype {slb_history_flow|top_policy|top_source|top_source_country}
    set traffic_data_type {sessions|bytes}
  next
end

module
    Set the reporting module. This setting also filters the commands so that only relevant options are available.

attack_sort_type
    Results are ordered by count.

attack_subtype
    Key query term.

dns_sort_type
    Results are ordered by count.

dns_subtype
    Key query term.

event_sort_type
    Results are ordered by count.

event_subtype
    Key query term.

llb_subtype
    Key query term.

slb_subtype
    Key query term.

traffic_data_type
    Query by session count or bytes.

Example

FortiADC-docs # config log report_queryset
FortiADC-docs (report_queryset) # edit my_slb_query
Add new entry 'my_slb_query' for node 2514
FortiADC-docs (my_slb_query) # get
module : slb
traffic_data_type : bytes
slb_subtype : top_policy
FortiADC-docs (my_slb_query) # set slb_subtype ?
slb_history_flow slb_history_flow
top_policy top_policy
top_source top_source
top_source_country top_source_country
FortiADC-docs (my_slb_query) # set slb_subtype top_source_country
FortiADC-docs (my_slb_query) # next
FortiADC-docs (report_queryset) # edit my_attack_query
Add new entry 'my_attack_query' for node 2514
FortiADC-docs (my_attack_query) # set module attack
FortiADC-docs (my_attack_query) # set attack_subtype ?
top_destip_for_geo top_destip_for_geo
top_destip_for_ipreputation top_destip_for_ipreputation
top_destip_for_sysflood top_destip_for_sysflood
top_destip_for_waf top_destip_for_waf
top_source_country_for_geo top_source_country_for_geo
top_source_country_for_ipreputation top_source_country_for_ipreputation
top_source_country_for_waf top_source_country_for_waf
top_source_for_geo top_source_for_geo
top_source_for_ipreputation top_source_for_ipreputation
top_source_for_waf top_source_for_waf
FortiADC-docs (my_attack_query) # set attack_subtype top_source_country_for_waf
FortiADC-docs (my_attack_query) # get
module : attack
attack_sort_type : count
attack_subtype : top_source_country_for_waf
FortiADC-docs (my_attack_query) # end
FortiADC-docs #
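
The following linter is an added example, not part of the Fortinet documentation: it checks a saved report_queryset stanza against the option names and values listed under Syntax, and flags module-prefixed options that do not match the entry's module. The function name, the sample configuration, and the assumption that an entry without "set module" is an slb entry (as the get output above shows for a new entry) are illustrative.

```python
# Option grammar transcribed from the Syntax section of this page.
MODULES = {"attack", "dns", "event", "llb", "slb"}
ALLOWED = {
    "attack_sort_type": {"count"},
    "attack_subtype": {f"top_{who}_for_{src}"
                       for who in ("destip", "source_country", "source")
                       for src in ("geo", "ipreputation", "waf")} | {"top_destip_for_sysflood"},
    "dns_sort_type": {"count"},
    "dns_subtype": {"top_policy", "top_source"},
    "event_sort_type": {"count"},
    "event_subtype": {"top_admin_config", "top_admin_login", "top_failed_admin_login"},
    "llb_subtype": {"top_link", "slb_history_flow"},
    "slb_subtype": {"slb_history_flow", "top_policy", "top_source", "top_source_country"},
    "traffic_data_type": {"sessions", "bytes"},
}

def lint_querysets(text):
    """Return (entry_name, message) findings for each edit block in text."""
    findings, name, opts = [], None, {}

    def check():
        # Assumption: an entry with no "set module" is slb, as the page's get output shows.
        module = opts.pop("module", "slb")
        if module not in MODULES:
            findings.append((name, f"unknown module {module!r}"))
        for key, value in opts.items():
            owner = key.split("_")[0]  # e.g. "attack" for attack_subtype
            if key not in ALLOWED:
                findings.append((name, f"unknown option {key!r}"))
            elif value not in ALLOWED[key]:
                findings.append((name, f"invalid value {value!r} for {key}"))
            elif owner in MODULES and owner != module:
                findings.append((name, f"{key} does not apply to module {module}"))

    for line in text.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "edit":
            name, opts = words[1].strip('"'), {}
        elif len(words) == 3 and words[0] == "set" and name is not None:
            opts[words[1]] = words[2]
        elif words and words[0] in ("next", "end") and name is not None:
            check()  # "next" and "end" both close the current entry
            name = None
    return findings

# Constructed sample: one valid entry, one wrong-module option, one invalid value.
SAMPLE = ("edit failed_admin_logins\nset module event\nset event_subtype top_failed_admin_login\nnext\n"
          "edit waf_sources\nset module attack\nset slb_subtype top_source\nnext\n"
          "edit dns_talkers\nset module dns\nset dns_subtype top_link\nend\n")
```

traffic_data_type is checked for its value only, because the page does not state which modules accept it.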
