Friday, May 12, 2017

Note - FortiAnalyzer: generate top sent bytes

This topic is for my own reference/note only

Dataset to generate a report of the top users by sent bytes

select srcip, dstip, dstport, action, service,
       sum(sentbyte)/1048576 as sent_MBps,
       sum(rcvdbyte)/1048576 as receive_MBps,
       count(*) as sessions
from $log
where logid_to_int(logid) not in (4, 7, 14)
GROUP BY srcip, dstip, dstport, action, service
ORDER BY sent_MBps DESC
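An added example (not part of the original note) showing, on constructed rows, why a top-sender dataset like the one above should sum the bytes before dividing by 1048576: with integer division, dividing each session first truncates every sub-megabyte session to 0, so a host that sends a lot of data in many small sessions drops off the report. It assumes Python's sqlite3 as a stand-in for the FortiAnalyzer database; the table name `log` and all rows are constructed.

```python
import sqlite3

MB = 1048576

# Constructed sample sessions:
# (srcip, dstip, dstport, action, service, sentbyte, rcvdbyte)
ROWS = (
    # one session that uploads exactly 5 MB
    [("10.0.0.5", "203.0.113.10", 443, "accept", "HTTPS", 5 * MB, 20000)]
    # 400 sessions of 900 KiB each: about 351 MB in total, each below 1 MB
    + [("10.0.0.9", "198.51.100.7", 443, "accept", "HTTPS", 900 * 1024, 500)] * 400
)


def top_senders(per_row_division):
    """Run the top-sender query with either form of the MB conversion."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "create table log (srcip text, dstip text, dstport integer, "
        "action text, service text, sentbyte integer, rcvdbyte integer)"
    )
    con.executemany("insert into log values (?,?,?,?,?,?,?)", ROWS)
    # per-row form divides every session before summing;
    # the other form sums the raw bytes and divides once
    expr = "sum(sentbyte/1048576)" if per_row_division else "sum(sentbyte)/1048576"
    sql = (
        f"select srcip, dstip, dstport, action, service, {expr} as sent_mb, "
        "count(*) as sessions from log "
        "group by srcip, dstip, dstport, action, service "
        "order by sent_mb desc"
    )
    rows = con.execute(sql).fetchall()
    con.close()
    return rows


if __name__ == "__main__":
    for label, flag in (("divide per row", True), ("sum then divide", False)):
        print(label)
        for row in top_senders(flag):
            print("  ", row)
```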

Monday, May 1, 2017

Note - FortiAnalyzer Report

This topic is for my own reference/note only

Dataset to generate a report of the sessions that hit policy ID xxxx

select srcip, dstip, dstport, policyid, action, service,
       count(*) as sessions
from $log
where policyid = xxxx
GROUP BY srcip, dstip, dstport, policyid, action, service


Thursday, January 26, 2017

FortiAnalyzer with Gmail setup

This guide is for you if you tried to set up FortiAnalyzer to send alerts via Gmail but it kept failing.

P.S. If you are setting up a third-party app to send notifications via Gmail, this guide might suit too.


My analyzer is currently running 5.2.5.

Here are the steps:

1. Configure the mail server on the FortiAnalyzer.



For information about the Gmail settings, see:
https://support.google.com/a/answer/176600?hl=en


2. SSH to the FortiAnalyzer and configure the secure option. This command makes sure the connection uses STARTTLS.

Example

config system mail
    edit "Gmail"
        set secure-option starttls
    next
end

Below is the Wireshark capture using STARTTLS; the red arrow indicates where the SSL handshake starts.


3. Log in to your Gmail account.

4. Access the URL https://www.google.com/settings/security/lesssecureapps and turn it on.



You can skip steps 5 and 6 if this is the first time you are setting up the Gmail SMTP server; otherwise continue.

5. Access the URL https://accounts.google.com/DisplayUnlockCaptcha and click Continue.


6. You will come to the page below.



7. Test the email setup: right-click the mail server entry and key in the recipient email.


8. The email should be sent successfully.