Configuring Fortianalyzer Report Schedules - Fortinet FortiGate Series Administration Manual

Log&Report

Configuring FortiAnalyzer report schedules

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
Page Controls
Use the controls to page through the list. For details, see "Using page controls on web-based manager lists" on page 102.

Remove All Entries
Removes all quarantined files from the local hard disk. This icon only appears when the files are quarantined to the hard disk.

File Name
The file name of the quarantined file.

Date
The date and time the file was quarantined, in the format dd/mm/yyyy hh:mm. This value indicates the time that the first file was quarantined if duplicates are quarantined.

Service
The service from which the file was quarantined (HTTP, FTP, IMAP, POP3, SMTP, IM, NNTP, IMAPS, POP3S, SMTPS, or HTTPS).

Status
The reason the file was quarantined: infected, heuristics, or blocked.

Status Description
Specific information related to the status, for example, "File is infected with "W32/Klez.h"" or "File was stopped by file block pattern."

DC
Duplicate count. A count of how many duplicates of the same file were quarantined. A rapidly increasing number can indicate a virus outbreak.

TTL
Time to live in the format hh:mm. When the TTL elapses, the FortiGate unit labels the file as EXP under the TTL heading. In the case of duplicate files, each duplicate found refreshes the TTL. The TTL information is not available if the files are quarantined on a FortiAnalyzer unit.

Upload status
Y indicates the file has been uploaded to Fortinet for analysis, N indicates the file has not been uploaded. This option is available only if the FortiGate unit has a local hard disk.

Download icon
Select to download the corresponding file in its original format. This option is available only if the FortiGate unit has a local hard disk.

Submit icon
Select to upload a suspicious file to Fortinet for analysis. This option is available only if the FortiGate unit has a local hard disk.

Note: Duplicates of files (based on the checksum) are not stored, only counted. The TTL value and the duplicate count are updated each time a duplicate of a file is found.
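
The DC field is the one value in the quarantine list that signals a possible outbreak. The Python code below is an added example, not part of the Fortinet guide: it compares two snapshots of the list and reports the entries whose duplicate count is growing fastest. The snapshot layout, file names, counts and the 30-per-hour threshold are constructed assumptions; the FortiGate unit does not export this format.

```python
from datetime import datetime

FMT = "%d/%m/%Y %H:%M"  # the list's Date format: dd/mm/yyyy hh:mm

# Constructed sample data (hypothetical file names and counts), keyed by the
# time the list was read. Row layout: (File Name, Date, Service, Status, DC).
SNAPSHOTS = {
    "03/09/2009 10:00": [
        ("invoice.scr", "03/09/2009 09:40", "SMTP", "infected", 4),
        ("setup.exe", "02/09/2009 16:05", "HTTP", "blocked", 2),
    ],
    "03/09/2009 10:30": [
        ("invoice.scr", "03/09/2009 09:40", "SMTP", "infected", 64),
        ("setup.exe", "02/09/2009 16:05", "HTTP", "blocked", 3),
        ("photo.pif", "03/09/2009 10:10", "POP3", "heuristics", 25),
    ],
}

def ts(text):
    return datetime.strptime(text, FMT)

def dc_rates(snapshots):
    """Duplicates per hour for each entry in the newest snapshot."""
    old_key, new_key = min(snapshots, key=ts), max(snapshots, key=ts)
    # Date is the time the FIRST copy was quarantined, so (name, date) stays
    # fixed while DC grows and identifies one entry across snapshots.
    baseline = {(n, d): dc for n, d, _svc, _st, dc in snapshots[old_key]}
    rates = {}
    for name, date, _svc, _st, dc in snapshots[new_key]:
        if (name, date) in baseline:
            start, start_dc = ts(old_key), baseline[(name, date)]
        else:  # entry appeared after the older snapshot: count from its Date
            start, start_dc = ts(date), 0
        hours = (ts(new_key) - start).total_seconds() / 3600
        if hours > 0:  # a single snapshot gives no interval to measure
            rates[(name, date)] = (dc - start_dc) / hours
    return rates

def outbreak_candidates(snapshots, per_hour=30):
    """Entries whose DC grows faster than per_hour (an assumed threshold)."""
    rates = dc_rates(snapshots)
    hits = [key for key, rate in rates.items() if rate > per_hour]
    return sorted(hits, key=lambda key: -rates[key])
```

Entries missing from the newer snapshot (deleted or expired) are ignored, since only growth matters here.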

Configuring FortiAnalyzer report schedules

You can configure a FortiAnalyzer report schedule from FortiGate logs in the web-based manager or CLI. You need to configure a report layout before configuring a report schedule. Contact a FortiAnalyzer administrator before configuring report schedules from the FortiGate unit to verify that the appropriate report layout is configured. Report layouts can only be configured from the FortiAnalyzer unit.

For information about how to configure a report layout, see the FortiAnalyzer Administration Guide.

Note: Make sure to check the Report Title of the report displayed on the FortiAnalyzer page before printing.

FortiAnalyzer reports are available only when in a VDOM.

The following procedure describes how to clone a report schedule. When you clone a report schedule, a duplicate of the original is used as a basis for a new one.

To view the list of report schedules, go to Log&Report > Report Config.

To configure a report schedule, go to Log&Report > Report Config, select Create New, enter the appropriate information and then select OK.