Fortinet black logo

Administration Guide

Using the FortiView interface

Using the FortiView interface

Use the FortiView interface to customize the view and visualizations within a monitor to find the information you are looking for. The tools in the top menu bar allow you to change the time display, refresh or customize the data source, and filter the results. You can also right-click a table in the monitor to view drilldown information for an item.

Real-time and historical charts

Use the Time Display dropdown to select the time period to display on the current monitor. Time display options vary depending on the monitor and can include real-time information (now) and historical information (1 hour, 24 hours, and 7 days).

Note

Disk logging or remote logging must be enabled to view historical information.

You can create a custom time range by selecting an area in table with your cursor.

The icon next to the time period identifies the data source (FortiGate, FortiAnalyzer, or FortiGate Cloud). Hover over its icon to see a description of the chart, as well as links to the requirements.

Data source

FortiView gathers information from a variety of data sources. If there are no log disk or remote logging configured, the data will be drawn from the FortiGate's session table, and the Time Period is set to Now.

Other data sources that can be configured are:

  • FortiGate
  • FortiAnalyzer
  • FortiGate Cloud
Note

When Data Source is set to Best Available Device, FortiAnalyzer is selected when available, then FortiGate Cloud, and then FortiGate.

Drilldown information

Double-click or right-click an entry in a FortiView monitor and select Drill Down to Details to view additional details about the selected traffic activity. Click the Back icon in the toolbar to return to the previous view.

You can group drilldown information into different drilldown views. For example, you can group the drilldown information in the FortiView Destinations monitor by Sources, Applications, Threats, and Policies.

Select an entry, then click View session logs to view the session logs.

Graph

  • The graph shows the bytes sent/received in the time frame. real time does not include a chart.
  • Users can customize the time frame by selecting a time period within the graph.

Summary of

  • Shows information such as the user/avatar, avatar/source IP, bytes, and sessions total for the time period.
  • Can quarantine host (access layer quarantine) if they are behind a FortiSwitch or FortiAP.
  • Can ban IP addresses, adds the source IP address into the quarantine list.

Tabs

  • Drilling down entries in any of these tabs (except sessions tab) will take you to the underlying traffic log in the sessions tab.
  • Applications shows a list of the applications attributed to the source IP. This can include scanned applications using Application Control in a firewall policy or unscanned applications.

    config log gui-display

    set fortiview-unscanned-apps enable

    end

  • Destinations shows destinations grouped by IP address/FQDN.
  • Threats lists the threats caught by UTM profiles. This can be from antivirus, IPS, Web Filter, Application Control, etc.
  • Web Sites contains the websites which were detected either with webfilter, or through FQDN in traffic logs.
  • Web Categories groups entries into their categories as dictated by the Web Filter Database.
  • Policies groups the entries into which polices they passed through or were blocked by.
  • View session logs shows the underlying logs (historical) or sessions (real time). Drilldowns from other tabs end up showing the underlying log located in this tab.
  • Search Phrases shows entries of search phrases on search engines captured by a Web Filter UTM profile, with deep inspection enabled in firewall policy.
  • More information can be shown in a tooltip while hovering over these entries.

To view matching logs or download a log, click the Security tab in the Log Details .

Using the FortiView interface

Use the FortiView interface to customize the view and visualizations within a monitor to find the information you are looking for. The tools in the top menu bar allow you to change the time display, refresh or customize the data source, and filter the results. You can also right-click a table in the monitor to view drilldown information for an item.

Real-time and historical charts

Use the Time Display dropdown to select the time period to display on the current monitor. Time display options vary depending on the monitor and can include real-time information (now) and historical information (1 hour, 24 hours, and 7 days).

Note

Disk logging or remote logging must be enabled to view historical information.

You can create a custom time range by selecting an area in table with your cursor.

The icon next to the time period identifies the data source (FortiGate, FortiAnalyzer, or FortiGate Cloud). Hover over its icon to see a description of the chart, as well as links to the requirements.

Data source

FortiView gathers information from a variety of data sources. If there are no log disk or remote logging configured, the data will be drawn from the FortiGate's session table, and the Time Period is set to Now.

Other data sources that can be configured are:

  • FortiGate
  • FortiAnalyzer
  • FortiGate Cloud
Note

When Data Source is set to Best Available Device, FortiAnalyzer is selected when available, then FortiGate Cloud, and then FortiGate.

Drilldown information

Double-click or right-click an entry in a FortiView monitor and select Drill Down to Details to view additional details about the selected traffic activity. Click the Back icon in the toolbar to return to the previous view.

You can group drilldown information into different drilldown views. For example, you can group the drilldown information in the FortiView Destinations monitor by Sources, Applications, Threats, and Policies.

Select an entry, then click View session logs to view the session logs.

Graph

  • The graph shows the bytes sent/received in the time frame. real time does not include a chart.
  • Users can customize the time frame by selecting a time period within the graph.

Summary of

  • Shows information such as the user/avatar, avatar/source IP, bytes, and sessions total for the time period.
  • Can quarantine host (access layer quarantine) if they are behind a FortiSwitch or FortiAP.
  • Can ban IP addresses, adds the source IP address into the quarantine list.

Tabs

  • Drilling down entries in any of these tabs (except sessions tab) will take you to the underlying traffic log in the sessions tab.
  • Applications shows a list of the applications attributed to the source IP. This can include scanned applications using Application Control in a firewall policy or unscanned applications.

    config log gui-display

    set fortiview-unscanned-apps enable

    end

  • Destinations shows destinations grouped by IP address/FQDN.
  • Threats lists the threats caught by UTM profiles. This can be from antivirus, IPS, Web Filter, Application Control, etc.
  • Web Sites contains the websites which were detected either with webfilter, or through FQDN in traffic logs.
  • Web Categories groups entries into their categories as dictated by the Web Filter Database.
  • Policies groups the entries into which polices they passed through or were blocked by.
  • View session logs shows the underlying logs (historical) or sessions (real time). Drilldowns from other tabs end up showing the underlying log located in this tab.
  • Search Phrases shows entries of search phrases on search engines captured by a Web Filter UTM profile, with deep inspection enabled in firewall policy.
  • More information can be shown in a tooltip while hovering over these entries.

To view matching logs or download a log, click the Security tab in the Log Details .