Fortiview / Sources

Author
roel.cayme
2019/06/28 08:36:10 (permalink)

Hi!
I had a problem viewing all users connected to the FG500D.
I used Fortiview and saw the list of users connected to the firewall, but I've noticed only 100 users were displayed and we are sure that it should be more than 100 users.
Where is the setting to expand and view all connected users?
Thanks.
#1


    Dave Hall
    Re: Fortiview / Sources 2019/06/28 10:33:23 (permalink)
    Top-right side of the window, choose the time-period and set source.
     

    NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
    #2
    hubertzw
    Re: Fortiview / Sources 2019/06/29 05:05:27 (permalink)
    In Fortiview you have the top, not all, sources or destinations. Look at the SQL query; there is a built-in limit of 100:

    fortiview_request_data()-896: dataset:fv.dest.group tabid:0
    _dump_sql()-829: dataset=fv.dest.group, sql:select dstip, max(dstintf) dst_intf,max(dstdevtype) dst_devtype,max(dstmac) dst_mac,group_concat(distinct appid) appid,group_concat(distinct appservice||case when subapp is null then '' else '_'||subapp end) appname,sum(sessioncount) session_count, sum(case when passthrough<>'block' then sessioncount else 0 end) session_allow, sum(case when passthrough='block' then sessioncount else 0 end) session_block, sum(rcvdbyte) r, sum(sentbyte) s, sum(rcvdbyte + sentbyte) bandwidth ,sum(crscore) score, sum(case when passthrough<>'block' then crscore else 0 end) score_allow, sum(case when passthrough='block' then crscore else 0 end) score_block  from grp_traffic_all_dst  where timestamp between 1551397800 and 1551484200 and 1=1 AND ( ft_ipmask(dstip, 0, '91.189.0.0/16') )  AND srcintfrole  in ('lan','dmz','undefined')  group by dstip   order by bandwidth desc   limit 100;


     
    Source: https://docs.fortinet.com/document/fortigate/6.2.0/new-features/411635/fortiview-subnet-filters


    #3
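The effect of the `order by bandwidth desc limit 100` clause in the query quoted above, as an added example that is not part of the original thread and is not Fortinet code. It assumes a constructed SQLite table named `traffic` with made-up rows standing in for the device's aggregated log data (not the FortiGate schema), and shows that the sources cut off by the limit are the quietest ones, so a complete count has to come from a separate query.

```python
import sqlite3

START, END = 1551397800, 1551484200  # time window from the query quoted above

def build_db(n_sources=150):
    """Constructed sample data: n_sources clients, two log rows each."""
    db = sqlite3.connect(":memory:")
    db.execute("create table traffic (timestamp int, srcip text, "
               "sessioncount int, rcvdbyte int, sentbyte int)")
    for i in range(1, n_sources + 1):
        ip = f"10.0.{i // 256}.{i % 256}"
        for ts in (START + 60, START + 3600):
            # bytes grow with i so the bandwidth ranking is deterministic
            db.execute("insert into traffic values (?,?,?,?,?)",
                       (ts, ip, 1, 600 * i, 400 * i))
    return db

# Same shape as the quoted query: aggregate per address, rank by bandwidth.
RANKED = ("select srcip, sum(sessioncount) session_count, "
          "sum(rcvdbyte + sentbyte) bandwidth from traffic "
          "where timestamp between ? and ? "
          "group by srcip order by bandwidth desc, srcip ")

def top_sources(db, limit=100):
    """What a top-N view displays: only the `limit` biggest talkers."""
    return db.execute(RANKED + "limit ?", (START, END, limit)).fetchall()

def hidden_sources(db, limit=100):
    """Sources present in the data but cut off by the limit."""
    # SQLite: "limit -1 offset N" returns every row after the first N
    return db.execute(RANKED + "limit -1 offset ?",
                      (START, END, limit)).fetchall()

def total_sources(db):
    """Count of distinct sources in the window, independent of ranking."""
    return db.execute("select count(distinct srcip) from traffic "
                      "where timestamp between ? and ?",
                      (START, END)).fetchone()[0]

if __name__ == "__main__":
    db = build_db()
    shown, hidden = top_sources(db), hidden_sources(db)
    print(f"displayed {len(shown)} of {total_sources(db)} sources")
    print("quietest hidden source:", hidden[-1])
```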