Thursday, July 7, 2016

HOWTO query a FortiAnalyzer dataset via CLI

The Fortinet FortiAnalyzer lets you query a report dataset directly via SQL from the CLI. The execute sql-query-dataset command requires an ADOM, a dataset name, the log source (dev or faz) and a time range:

execute sql-query-dataset <adom name> <dataset name> <dev/faz> <start-time> <end-time>

Any rows in the dataset that fall within that time range are displayed.

e.g. the dataset for a user-login query:

Now if I perform a new SSH login and then query the dataset again, it shows this activity in the named dataset.

Querying a dataset directly like this is useful when troubleshooting reports that come back with no data, and for validating that a dataset actually matches the logs you expect.

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
        /  \
