Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
cmoney
New Contributor

File Transferred By Application (No Data)

Hey Crew,

 

I have a Fortianalyzer (6.0.1) and I'm seeking some help on this particular dataset: apprisk-ctrl-File-Transferred-By-Application.

 

I tried adjusting some of the query but have since reset it to its default:

select appid, app, filename, cloudaction, max(filesize) as filesize from $log where $filter and filesize is not null and clouduser is not null and filename is not null group by cloudaction, appid, app, filename order by filesize desc

 

My test(s) all come back with No Data. 

 

Any thoughts on where I can begin with this one and how I can adjust this query.

My end goal is to get a log of all files transferred to cloud applications (Google Docs, Box, Dropbox, etc) by user and file size.

 

Thanks in Advance.

 

 

 

1 Solution
RobertReynolds
Contributor

Do you have deep ssl inspection enabled on the same policy as the application control?

View solution in original post

4 REPLIES 4
RobertReynolds
Contributor

Do you have deep ssl inspection enabled on the same policy as the application control?

cmoney

RobertReynolds wrote:

Do you have deep ssl inspection enabled on the same policy as the application control?

Facepalm. NOPE. I didn't set up the policy, so I didn't even think to start there. That answers my question.

 

As a side note: will this affect the device(s) performance and/or increase log sizes? Just curious as we look into this. 

RobertReynolds

I dont think it will add to the log size much, it will just be able to start populating the 'filename' field etc.

 

Refer to the product matrix for the throughput speeds of your model of Fortigate you'll get with SSL Inspection enabled, and keep an eye on resourse usage as this will probably cause an increase.

 

https://www.fortinet.com/...net_Product_Matrix.pdf

 

 

 

 

 

 

CGoodwin
New Contributor

Just as a side note, applications like Dropbox that has it own cert store wont normally work with Deep packet inspection and an exception will have to be setup. Meaning you wont see the files transferred in the logs I am guessing.

FCNSA, FCNSP (NSE4), NSE5

FCNSA, FCNSP (NSE4), NSE5
Labels
Top Kudoed Authors