Forensic Analysis Forensic Reports
FortiAnalyzer Version 3.0 MR3 Administration Guide
05-30003-0082-20060925 101
To save the results
1 Select Save Archive.
2 Enter a name for the search results. The name cannot include spaces.
3 Enter a Description to identify what was included in the search results.
4 Select Save.
Local archive
The local archive provides easy access to the forensic analysis searches that are
saved on the FortiAnalyzer unit.
To view the saved searches, go to Forensic Analysis > Search > Local Archive.
Select the Archive file name to view the search results.
Select Edit to change the archive name or description.
Select Delete to remove the search archive from the FortiAnalyzer hard disk.
Forensic Reports
The FortiAnalyzer unit collates information collected from device log files and
enables you to run reports for specific users or groups of user in tabular and
graphical reports, similar to the network reporting functionality. The reports
provide detailed information on a users website access, blocked web access,
email and FTP and IM usage during a specific period on your network.
Configuring reports
Create a report configuration profile that defines what information appears on a
report. Select the type of report, devices to include in the report, time frames to
provide specialized reports.
To configure a forensic analysis report profile
1 Go to Forensic Analysis > Report > Config.
2 Select Create New.
3 Enter a Report Name.
The report name cannot include spaces.
4 Enter a title and a description of what the report includes.
5 Select the blue arrow next to the options you need to configure:
6 Select OK.
Properties Select to add logos, headers, footers and company information to
customize the report.
Report Criteria Select the information you want to include in the report.
Time Period Select the filtering information and time range for the reporting
period.
Forensic Report
Type(s)
Select the reports to include.
Output Select the file format for the reports.