Fortinet white logo
Fortinet white logo

Administration Guide

Logs used for reports

Logs used for reports

Reports uses Analytics logs to generate reports. Archive logs are not used to generate reports. For more information, see Data policy and automatic deletion.

For reports about users, the FortiGate needs to populate the user field in the logs sent to FortiAnalyzer.

Reports can use the SIEM database (siemdb) generate reports. For example, the data query for the Endpoint Security Vulnerability Report is based on the siemdb, and it uses SIEM normalized logs and the fct_mdata.

You can use the Report Guidance feature to make sure the appropriate Analytics logs are available for a custom or predefined report. For more information, see Report guidance.

The logs used to generate reports is determined by the chart, datasets, and macros. These can be found in the following panes:

  • Reports > Report Definitions > Chart Library

  • Reports > Report Definitions > Macro Library

  • Reports > Report Definitions > Datasets

Logs used for reports

Logs used for reports

Reports uses Analytics logs to generate reports. Archive logs are not used to generate reports. For more information, see Data policy and automatic deletion.

For reports about users, the FortiGate needs to populate the user field in the logs sent to FortiAnalyzer.

Reports can use the SIEM database (siemdb) generate reports. For example, the data query for the Endpoint Security Vulnerability Report is based on the siemdb, and it uses SIEM normalized logs and the fct_mdata.

You can use the Report Guidance feature to make sure the appropriate Analytics logs are available for a custom or predefined report. For more information, see Report guidance.

The logs used to generate reports is determined by the chart, datasets, and macros. These can be found in the following panes:

  • Reports > Report Definitions > Chart Library

  • Reports > Report Definitions > Macro Library

  • Reports > Report Definitions > Datasets