Administration Guide

FortiView from disk

FortiView from disk is available on all FortiGates with an SSD disk.

Restrictions

| Model | Supported view |
| --- | --- |
| Desktop models (100 series) with SSD | Five minutes and one hour |
| Medium models with SSD | Up to 24 hours |
| Large models (1500D and above) with SSD | Up to seven days |

To enable seven days view:

config log setting
    set fortiview-weekly-data enable
end

Configuration

A firewall policy needs to be in place with traffic logging enabled. For optimal operation with FortiView, internal interface roles should be clearly defined as LAN. DMZ and internet-facing or external interface roles should be defined as WAN.

To configure logging to disk in the GUI:
  1. Enable disk logging from the FortiGate GUI.
    1. Go to Log & Report > Log Settings > Local Traffic Log.
    2. Select the checkbox next to Disk.
  2. Enable historical FortiView from the FortiGate GUI.
    1. Go to Log & Report > Log Settings > Local Traffic Log.
    2. Select the checkbox next to Enable Historical FortiView.

  3. Click Apply.

To include sniffer traffic and local-deny traffic when using FortiView from disk:

This feature is only supported through the CLI.

config report setting
    set report-source forward-traffic sniffer-traffic local-deny-traffic
end
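The following is an added example, not part of the Fortinet guide: a Python check that reads a saved configuration and reports where it differs from the settings described above. The sample configuration is constructed, `logtraffic` is the FortiOS firewall policy logging option (it is not shown on this page), and the parser assumes the usual `config`/`edit`/`set`/`next`/`end` layout with no multi-line quoted values.

```python
# Constructed sample backup excerpt (not from a real device).
SAMPLE_CONFIG = """\
config log setting
    set fortiview-weekly-data enable
end
config report setting
    set report-source forward-traffic sniffer-traffic
end
config firewall policy
    edit 1
        set logtraffic all
    next
    edit 2
        set logtraffic disable
    next
end
"""

def parse_config(text):
    """Parse top-level blocks into {section: {entry_id: {option: [values]}}}."""
    tree, section, entry, depth = {}, None, "", 0
    for line in text.splitlines():
        words = line.split() or [""]
        verb = words[0]
        if verb == "config":
            depth += 1
            if depth == 1:  # nested config blocks are skipped, not parsed
                section, entry = " ".join(words[1:]), ""
                tree.setdefault(section, {})
        elif verb == "end" and depth > 0:
            depth -= 1
        elif depth == 1 and verb in ("edit", "next"):
            entry = words[1].strip('"') if verb == "edit" and len(words) > 1 else ""
        elif depth == 1 and verb == "set" and len(words) > 1:
            tree[section].setdefault(entry, {})[words[1]] = words[2:]
    return tree

def audit_fortiview(text):
    """Return a list of gaps against the settings this page describes."""
    cfg, gaps = parse_config(text), []
    weekly = cfg.get("log setting", {}).get("", {}).get("fortiview-weekly-data")
    if weekly != ["enable"]:
        gaps.append("fortiview-weekly-data is not enabled")
    sources = cfg.get("report setting", {}).get("", {}).get("report-source", [])
    wanted = ("forward-traffic", "sniffer-traffic", "local-deny-traffic")
    gaps += [f"report-source lacks {w}" for w in wanted if w not in sources]
    for pid, opts in cfg.get("firewall policy", {}).items():
        if opts.get("logtraffic") == ["disable"]:  # assumed option name, see lead-in
            gaps.append(f"policy {pid} has traffic logging disabled")
    return gaps
```

The two `set` options from this page are reported as gaps when they do not appear in the file, since the script sees only what the backup states explicitly.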

To configure the data source in the GUI:
  1. Go to Dashboard > Top Sources.
  2. Select a time range other than now from the drop-down list to view historical data.
  3. In the top menu, click the dropdown, and select Settings. The Edit Dashboard Widget window opens.
    1. In the Data Source area, click Specify.
    2. From the dropdown, select Disk, and click OK.

    For more information, see FortiView interface.

Troubleshooting

Use execute report flush-cache and execute report recreate-db to clear up any irregularities that may be caused by upgrading or cache issues.
