Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 7.6.0 CLI Reference
    7.6.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config log report_queryset

    config log report_queryset

    Use this command if you need to configure report queries that are different from the predefined queries.

    Before you begin:

    • You must have read-write permission for log settings.

    After you have configured a query, you can select it in the report configuration.

    Syntax

    config log report_queryset

    edit <name>

    set module {attack|dns|event|llb|slb}

    set attack_sort_type count

    set attack_subtype {top_destip_for_geo|top_destip_for_ipreputation|top_destip_for_sysflood|top_destip_for_waf|top_source_country_for_geo|top_source_country_for_ipreputation|top_source_country_for_waf|top_source_for_geo|top_source_for_ipreputation|top_source_for_waf}

    set dns_sort_type count

    set dns_subtype {top_policy|top_source}

    set event_sort_type count

    set event_subtype {top_admin_config|top_admin_login|top_failed_admin_login}

    set llb_subtype {top_link|slb_history_flow}

    set slb_subtype {slb_history_flow|top_policy|top_source|top_source_country}

    set traffic_data_type {sessions|bytes}

    next

    end

    module

    Set the reporting module. This setting also filters the commands so that only relevant options are available.

    attack_sort_type

    		 Results are ordered by count.

    attack_subtype

    		 Key query term.

    dns_sort_type

    		 Results are ordered by count.

    dns_subtype

    		 Key query term.

    event_sort_type

    		 Results are ordered by count.

    event_subtype

    		 Key query term.

    llb_subtype

    		 Key query term.

    slb_subtype

    		 Key query term.

    traffic_data_type

    		 Query by session count or bytes.

    Example

    FortiADC-docs # config log report_queryset

    FortiADC-docs (report_queryset) # edit my_slb_query

    Add new entry 'my_slb_query' for node 2514

    FortiADC-docs (my_slb_query) # get

    module : slb

    traffic_data_type : bytes

    slb_subtype : top_policy

    FortiADC-docs (my_slb_query) # set slb_subtype ?

    slb_history_flow slb_history_flow

    top_policy top_policy

    top_source top_source

    top_source_country top_source_country

    FortiADC-docs (my_slb_query) # set slb_subtype top_source_country

    FortiADC-docs (my_slb_query) # next

    FortiADC-docs (report_queryset) # edit my_attack_query

    Add new entry 'my_attack_query' for node 2514

    FortiADC-docs (my_attack_query) # set module attack

    FortiADC-docs (my_attack_query) # set attack_subtype ?

    top_destip_for_geo top_destip_for_geo

    top_destip_for_ipreputation top_destip_for_ipreputation

    top_destip_for_sysflood top_destip_for_sysflood

    top_destip_for_waf top_destip_for_waf

    top_source_country_for_geo top_source_country_for_geo

    top_source_country_for_ipreputation top_source_country_for_ipreputation

    top_source_country_for_waf top_source_country_for_waf

    top_source_for_geo top_source_for_geo

    top_source_for_ipreputation top_source_for_ipreputation

    top_source_for_waf top_source_for_waf

    FortiADC-docs (my_attack_query) # set attack_subtype top_source_country_for_waf

    FortiADC-docs (my_attack_query) # get

    module : attack

    attack_sort_type : count

    attack_subtype : top_source_country_for_waf

    FortiADC-docs (my_attack_query) # end

    FortiADC-docs #

    Previous
    Next

    config log report_queryset

    config log report_queryset

    Use this command if you need to configure report queries that are different from the predefined queries.

    Before you begin:

    • You must have read-write permission for log settings.

    After you have configured a query, you can select it in the report configuration.

    Syntax

    config log report_queryset

    edit <name>

    set module {attack|dns|event|llb|slb}

    set attack_sort_type count

    set attack_subtype {top_destip_for_geo|top_destip_for_ipreputation|top_destip_for_sysflood|top_destip_for_waf|top_source_country_for_geo|top_source_country_for_ipreputation|top_source_country_for_waf|top_source_for_geo|top_source_for_ipreputation|top_source_for_waf}

    set dns_sort_type count

    set dns_subtype {top_policy|top_source}

    set event_sort_type count

    set event_subtype {top_admin_config|top_admin_login|top_failed_admin_login}

    set llb_subtype {top_link|slb_history_flow}

    set slb_subtype {slb_history_flow|top_policy|top_source|top_source_country}

    set traffic_data_type {sessions|bytes}

    next

    end

    module

    Set the reporting module. This setting also filters the commands so that only relevant options are available.

    attack_sort_type

    		 Results are ordered by count.

    attack_subtype

    		 Key query term.

    dns_sort_type

    		 Results are ordered by count.

    dns_subtype

    		 Key query term.

    event_sort_type

    		 Results are ordered by count.

    event_subtype

    		 Key query term.

    llb_subtype

    		 Key query term.

    slb_subtype

    		 Key query term.

    traffic_data_type

    		 Query by session count or bytes.

    Example

    FortiADC-docs # config log report_queryset

    FortiADC-docs (report_queryset) # edit my_slb_query

    Add new entry 'my_slb_query' for node 2514

    FortiADC-docs (my_slb_query) # get

    module : slb

    traffic_data_type : bytes

    slb_subtype : top_policy

    FortiADC-docs (my_slb_query) # set slb_subtype ?

    slb_history_flow slb_history_flow

    top_policy top_policy

    top_source top_source

    top_source_country top_source_country

    FortiADC-docs (my_slb_query) # set slb_subtype top_source_country

    FortiADC-docs (my_slb_query) # next

    FortiADC-docs (report_queryset) # edit my_attack_query

    Add new entry 'my_attack_query' for node 2514

    FortiADC-docs (my_attack_query) # set module attack

    FortiADC-docs (my_attack_query) # set attack_subtype ?

    top_destip_for_geo top_destip_for_geo

    top_destip_for_ipreputation top_destip_for_ipreputation

    top_destip_for_sysflood top_destip_for_sysflood

    top_destip_for_waf top_destip_for_waf

    top_source_country_for_geo top_source_country_for_geo

    top_source_country_for_ipreputation top_source_country_for_ipreputation

    top_source_country_for_waf top_source_country_for_waf

    top_source_for_geo top_source_for_geo

    top_source_for_ipreputation top_source_for_ipreputation

    top_source_for_waf top_source_for_waf

    FortiADC-docs (my_attack_query) # set attack_subtype top_source_country_for_waf

    FortiADC-docs (my_attack_query) # get

    module : attack

    attack_sort_type : count

    attack_subtype : top_source_country_for_waf

    FortiADC-docs (my_attack_query) # end

    FortiADC-docs #

    Previous
    Next