Dataset
FortiManager datasets are collections of log files from monitored devices. Reports are generated based on these datasets.
Predefined datasets for each supported device type are provided, and new datasets can be created and configured. Both predefined and custom datasets can be cloned, but only custom datasets can be deleted. You can also view the SQL query for a dataset, and test the query against specific devices or log arrays.
FortiManager v5.0 Patch Release 5 introduced new datasets for SIP and SCCP. FortiManager v5.0 Patch Release 6 introduces new datasets for Botnet (Botnet-Activity-By-Sources, Botnet-Infected-Hosts, Botnet-Sources, Botnet-Timeline, and Detected-Botnet).
To view and configure datasets, go to Reports > Advanced > Dataset in the tree menu.
The following options and information are available:
Create New | Select to create a new dataset. See “To create a new dataset:”. |
Edit | Select to edit an existing dataset. See “To edit a dataset:”. |
Delete | Select to delete a dataset. See “To delete datasets:”. |
Clone | Select to clone an existing dataset. See “To clone a dataset:”. |
Search | Use the search field to find a specific dataset. |
Name | The name of the dataset. |
Device Type | The device type that the dataset applies to. |
Log Type | The type of log that the dataset applies to. |
Page navigation | Adjust the number of logs that are listed per page and browse through the pages. |
To create a new dataset:
1. In the dataset list, either select Create New from the toolbar, or right-click in the dataset list and select Create New from the pop-up menu.
The New Dataset dialog box opens.
2. Enter the required information for the new dataset.
Name | Enter a name for the dataset. |
Log Type | Select a log type from the drop-down list. The following log types are available for FortiGate: Application Control, Attack, DLP Archive, DLP, Email Filter, Event, Traffic, Virus, Web Filter, and Network Scan. The following log types are available for FortiMail: Email Filter, Event, History, and Virus. The following log types are available for FortiWeb: Attack, Event, and Traffic. |
Query | Enter the SQL query used for the dataset. |
Add Variable | Select to add a variable, expression, and description information. |
Test query with specified devices and time period |
| Devices | Select All FortiGates, All FortiMails, All FortiWebs, or Specify to select specific devices or log arrays to run the SQL query against. |
| Time Period | Use the drop-down list to select a time period. When selecting Other, enter the start date, time, end date, and time. |
| Test | Select Test to test the SQL query before saving the dataset configuration. |
3. Test the query to ensure that the dataset functions as expected, then select OK to create the new dataset.
To clone a dataset:
1. In the dataset list, either select a dataset then select Clone from the toolbar, or right-click on the dataset then select Clone from the pop-up menu.
The Clone Dataset dialog box opens.
2. Edit the information as required, then test the query to ensure that the dataset functions as expected.
3. Select OK to create a new, cloned dataset.
To edit a dataset:
1. In the dataset list double-click on the dataset, or select the dataset then select Edit from the toolbar or right-click menu.
The Edit Dataset dialog box opens.
2. Edit the information as required, then test the query to ensure that the dataset functions as expected.
3. Select OK to finish editing the dataset.
| Predefined datasets cannot be edited, the information is read-only. You can view the SQL query and variables used in the dataset and test against specific devices or log arrays. |
To delete datasets:
1. Select the dataset or datasets that you would like to delete, then select Delete from the toolbar or right-click menu.
2. Select OK in the confirmation dialog box to delete the selected datasets or datasets.
| Predefined datasets cannot be deleted, the information is read-only. |
To view the SQL query for an existing dataset:
Hover the mouse cursor over one of the datasets in the dataset list. The SQL query is displayed in a pop-up window.
