Dataset
FortiManager datasets are collections of log files from monitored devices. Reports are generated based on these datasets. These filters will vary based on device type.
Predefined datasets for each supported device type are provided, and new datasets can be created and configured. FortiManager v5.0 Patch Release 2 or later adds the ability to test a SQL query per dataset against specific devices or log arrays before saving the configuration.
FortiManager v5.0 Patch Release 5 introduces new datasets for SIP and SCCP.
To view and configure datasets, go to the Reports tab and select Advanced > Dataset in the tree menu.
The following options are available:
Create New | Select to create a new dataset. |
Edit | Select to edit an existing dataset. |
Delete | Select to delete a dataset. |
Clone | Select to clone an existing dataset. |
Search | Use the search field to find a specific dataset. |
To create a new dataset:
1. Go to the Reports tab and select Advanced > Dataset in the tree menu.
2. Select Create New on the toolbar, or right-click in the dataset list and select New from the pop-up menu.
The Create New Dataset dialog box opens.
3. Enter the required information for the new dataset.
Name | Enter a name for the dataset. |
Log Type | Select a log type from the drop-down list. The following log types are available for FortiGate: Application Control, Attack, DLP Archive, DLP, Email Filter, Event, Traffic, Virus, Web Filter, and Network Scan. The following log types are available for FortiMail: Email Filter, Event, History, and Virus. The following log types are available for FortiWeb: Attack, Event, and Traffic. |
Query | Enter the SQL query used for the dataset. |
Add Variable | Select to add a variable, expression, and description information. |
Test query with specified devices and time period | Select devices and test the SQL query against the new dataset. In FortiManager v5.0 Patch Release 2 or later you can test the query against specific devices or a log array. |
| Devices | Select All FortiGates, All FortiMails, All FortiWebs, or Specify to select specific devices or log arrays to run the SQL query against. |
| Time Period | Use the drop-down menu to select a time period. When selecting Other, enter the start date, time, end date, and time. |
| Test | Select Test to test the SQL query before saving the dataset configuration. |
4. Test the query to ensure that the dataset functions as expected.
5. Select OK to create the new dataset.
To clone a dataset:
1. Go to the Reports tab and select Advanced > Dataset in the tree menu.
2. Select the dataset that you would like to clone and select Clone from the toolbar or right-click menu.
The Clone Dataset dialog box opens.
You can clone a predefined dataset or custom dataset.
3. Edit the information as needed and test the query to ensure that the dataset functions as expected.
4. Select OK to clone the dataset and create a new dataset.
To edit a dataset:
1. Go to the Reports tab and select Advanced > Dataset in the tree menu.
2. Double-click on the dataset that you would like to edit, or select the dataset and select Edit from the toolbar or right-click menu.
The Edit Dataset dialog box opens.
3. Edit the information as required and test the query to ensure that the dataset functions as expected.
4. Select OK to finish editing the dataset.
| Predefined datasets cannot be edited, the information is read-only. You can view the SQL query and variables used in the dataset and test against specific devices or log arrays. |
To delete datasets:
1. Go to the Reports tab and select Advanced > Dataset in the tree menu.
2. Select the dataset or datasets that you would like to delete and select Delete from the toolbar or right-click menu.
| Predefined datasets cannot be deleted, the information is read-only. |
3. Select OK in the confirmation dialog box to delete the datasets or datasets.
To view the SQL query for an existing dataset:
1. Go to the Reports tab and select Advanced > Dataset in the tree menu.
2. Hover the mouse cursor over one of the datasets in the list.
3. The SQL query is displayed in the pop-up window.
