Create a custom Fortianalyzer report to show number of logs per Fortigate and per policy


Why did I create this report?

Some of our clients run the VM FortiAnalyzer (FAZ), which is licensed by the volume of received logs, so it frequently alerts that the log intake exceeds the license. Other than buying additional license capacity, I can use FAZ to drill down to the policies that generate the most logs and try to reduce their volume. The custom report I show in this video does exactly that.

The SQL query I use (in a FAZ dataset, $log stands for the log table of the log type the dataset is built on, here the traffic logs since policyid is a traffic-log field, and $filter for the device and time filters the report applies):

SELECT devname, vd, policyid, count(policyid) AS number_of_logs
FROM $log WHERE $filter
GROUP BY devname, vd, policyid
ORDER BY number_of_logs DESC
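To check what the query returns before building the report, here is an added example (my own code, not from the post or from Fortinet) that runs the same SELECT against a constructed set of traffic-log rows in SQLite, substituting a plain table name for $log and a plain condition for $filter by hand, since those macros only exist inside FAZ. It also adds each policy's share of the total, which is what you actually need when deciding which policies to tune.

```python
import sqlite3

# Constructed sample of FortiGate traffic-log rows (devname, vd, policyid);
# policyid 0 stands for the implicit deny policy. Not real customer data.
SAMPLE_LOGS = [
    ("FGT-HQ", "root", 1),
    ("FGT-HQ", "root", 1),
    ("FGT-HQ", "root", 1),
    ("FGT-HQ", "root", 2),
    ("FGT-HQ", "dmz", 7),
    ("FGT-BRANCH", "root", 1),
    ("FGT-BRANCH", "root", 1),
    ("FGT-BRANCH", "root", 0),
]

# The report query from the post. FAZ expands $log and $filter itself;
# here they are substituted by hand (assumed table name "tlog") before the
# query is run against SQLite.
REPORT_QUERY = """
SELECT devname, vd, policyid, count(policyid) AS number_of_logs
FROM {log} WHERE {filter}
GROUP BY devname, vd, policyid
ORDER BY number_of_logs DESC
"""


def logs_per_policy(rows, log_filter="1=1"):
    """Return [(devname, vd, policyid, number_of_logs), ...], highest count first.

    rows:       iterable of (devname, vd, policyid) tuples
    log_filter: SQL condition standing in for FAZ's $filter macro; it is a
                trusted constant written by the report author, like the macro itself
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tlog (devname TEXT, vd TEXT, policyid INTEGER)")
    conn.executemany("INSERT INTO tlog VALUES (?, ?, ?)", rows)
    sql = REPORT_QUERY.format(log="tlog", filter=log_filter)
    result = conn.execute(sql).fetchall()
    conn.close()
    return result


def share_of_total(report):
    """Append each policy's percentage of all logs, so the few rules that
    dominate the intake (candidates for logging only security events instead
    of every session) stand out from the long tail."""
    total = sum(r[3] for r in report)
    return [(dev, vd, pol, n, round(100.0 * n / total, 1))
            for dev, vd, pol, n in report]


if __name__ == "__main__":
    for dev, vd, pol, n, pct in share_of_total(logs_per_policy(SAMPLE_LOGS)):
        print(f"{dev:12} {vd:6} policy {pol:<3} {n:4} logs  {pct:5}%")
```

With the sample rows, policy 1 on FGT-HQ/root accounts for 3 of 8 logs (37.5%), which is the kind of row to inspect first. Passing a condition such as `devname = 'FGT-BRANCH'` as `log_filter` mirrors narrowing the FAZ report to one device.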

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ and https://github.com/yuriskinfo/ so you don't miss what I publish on LinkedIn, GitHub, the blog, and more.