Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bascheew
New Contributor III

Report to show the top users (IPs) that have visited specific categories

Our client has asked for a report that would show a list of the top users (or IPs) that have visited specific web filter categories.  I do not see any of the system datasets that have the combination of these fields.  

 

It could be as simple as this:

 

User              Category             Count

10.0.0.3         Hacking                12

10.0.0.5         Proxy Avoidance    8

10.0.0.3         Proxy Avoidance    5

10.0.0.4         Discrimination       2

 

Thanks!

 

1 Solution
chutter_FTNT
Staff
Staff

Hi,

this should work:

 

select coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) as user_src, catdesc, count(*) as sessions from $log where $filter group by user_src, catdesc order by sessions desc

 

Regards

Christian

 

View solution in original post

2 REPLIES 2
chutter_FTNT
Staff
Staff

Hi,

this should work:

 

select coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) as user_src, catdesc, count(*) as sessions from $log where $filter group by user_src, catdesc order by sessions desc

 

Regards

Christian

 

stuart_smiles
New Contributor

What if you want to create a "cloud storage" category for a similar report, totalling user counts over a period of time, so can trend for growth of cloud adoption for apps, data transfer to storage/backup/similar sites, potentially even seeing bandwidth utilisation, traffic manage some storage sites or prioritise during time of day/ so can offer core, lunchtime and out of hours service levels for sites of interest/bandwidth hogs like facebook/instagram video etc, and feedback to users outside of guidelines on overuse, within the fortinet platform ala bluecoat and websense, whilst not blocking, perhaps "encouraging" wait to do it on "own internet" instead.

Labels
Top Kudoed Authors