Tracking specific search phrases in reports
It is possible to use the Web Filter to track specific search keywords and phrases and record the results for display in the report.
You should verify that the web filter profile you are using indicates what search phrases you want to track and monitor, so that the report includes this information.
1. Log in to the CLI and enter show webfilter profile default.
This provides details about the webfilter profile being used by the security policy. In this example, the details (shown in the following in bold) indicate that safe search is enabled, but not specified or being logged.
show webfilter profile default
config webfilter profile
edit "default"
set comment "default web filtering"
set inspection-mode flow-based
set options https-scan
set post-action comfort
config web
set safe-search url
end
config ftgd-wf
config filters
edit 1
set action block
set category 2
next
edit 2
set action block
set category 7
next
edit 3
set action block
set category 8
2. Enter the following command syntax so that logging and the keyword for the safe search will be included in logging.
config webfilter profile
edit default
config web
set log-search enable
set keyword-match “fortinet” “easter” “easter bunny”
end
end
3. To test that the keyword search is working, go to a web browser and begin searching for the words that were included in the webfilter profile, such as easter.
You can tell that the test works by going to Log & Report > Traffic Log > Forward Traffic and viewing the log messages.