Technical Note: How to create a FortiAnalyzer user forensic analysis report

Description
This article explains how to create a user report in 4.0 in order to report on a specific user's web browsing habits. (This is similar to the forensic style report in 3.0).

This article is applicable only until v4.0 MR3 patch 8. It does not apply to later versions of firmware.

Solution

1. Go to Log > Browse , then open the log file for the web filter of the desired FortiGate device. 2. Click on User filter and find the LDAP string of the user name by looking for user name as shown.

3. In the log display, highlight and copy the full LDAP user name string.

4. Open the report schedule for User_Forensic_Report

5. In the USER field, paste the user name string copied earlier. Put double quotes around the user name string: (That is: "CN=JMEIXNER,OU=IMC,OU=GH,O=GSD" ).

Change the schedule, time period, and output outions as required.

6. Finally, Run the scheduled report.

FortiAnalyzer v4.0
FortiAnalyzer v4.0 MR1
FortiAnalyzer v4.0 MR2
FortiAnalyzer v4.0 MR3