Fastvue Reporter for FortiGate – Installation and Setup


1. Download and Install

Download Fastvue Reporter for FortiGate and install on a machine (or virtual machine) that meets our recommended requirements for your network size.

Fastvue Reporter is designed for 64-bit Windows Server Operating Systems running Windows Server 2008 R2, Server 2012 R2, or above.

The Fastvue Reporter installer will automatically install and configure the required prerequisites, which include .NET 4.6 and IIS (Web Server and Application Server roles). It will also install Open JDK and Elasticsearch in its own self-managed directory.

When installing, you will be asked to select a website to install to. If you are installing on a server with existing websites, we recommend creating a new website in IIS and installing to that. You can also choose to install to a sub-folder of an existing website (such as Default Web Site\Fastvue).

| Network Size | Recommended Server Specification |
| --- | --- |
| Less than 500 Users | 4 CPUs/Cores, 6 GB RAM |
| 500 – 1000 Users | 4 CPUs/Cores, 8 GB RAM |
| 1000 – 3000 Users | 8 CPUs/Cores, 12 GB RAM |
| 3000 – 5000 Users | 8 CPUs/Cores, 16 GB RAM |
| 5000+ Users | 16 CPUs/Cores, 24 GB RAM |

* Virtual environments are recommended so you can scale the resources as required.

During installation, you are asked where you want the Data Location to be. The amount of data stored per day will vary depending on the amount of traffic flowing through your FortiGate.

The default data retention policy in Fastvue Reporter is 90 days or 90% of drive space, whichever comes first. If 90% of the drive leaves less than 20 GB free, the retention policy will adjust to allow at least 20 GB for Operating System files if the data path is on the same drive as the OS.

These data retention settings can be adjusted in Settings | Data Storage.

We do not advise installing to a network drive due to latency issues affecting the stability of our very frequent read-write operations. For best performance, use a local SSD drive.

Do not install to a mapped network drive, or use a mapped network drive as Fastvue Reporter’s data path, as the assigned drive letters will not exist in the system context – only the user context. If you must use a network drive, specify a UNC path such as \\servername-or-ip\fastvue, but keep in mind the performance issues mentioned above, and you will have to configure ‘full’ permissions for the Fastvue Server’s local system account.

After one or two days of collecting data, check the size estimates in Settings | Data Storage | Settings to see if you need to make adjustments to the data retention policy or your server’s disk space. These estimates become more accurate as data is imported.


2. Add the Fastvue Server as a Syslog Server in Fortinet FortiGate

Now that Fastvue Reporter for FortiGate has been installed, you need to configure your FortiGate(s) to send syslog data to the Fastvue server.

This is done by adding the Fastvue Server as a syslog server in either the Fortinet FortiGate Web Interface (GUI), or using the Command Line Interface (CLI).

To add the Fastvue Server as a Syslog Server using the FortiGate GUI:

  1. In FortiGate’s web interface, go to Log & Report | Log Settings
  2. Scroll down to the Remote Logging and Archiving section and toggle the Send logs to syslog option to on
  3. Enter the IP or FQDN of the Fastvue Server into the edit box.
  4. Scroll down and click Apply to save the settings.

If you already have a syslog server specified, use the CLI method below to configure the syslogd2, syslogd3 or syslogd4 settings.

To add the Fastvue Server as a Syslog Server using the FortiGate CLI:

Log into the CLI and enter the following commands:

config log syslogd setting
        set facility user
        set port 514
        set server {IP or FQDN of the Fastvue server}
        set status enable
        end

You can configure up to four syslog servers on FortiGate. Just replace ‘syslogd’ with syslogd2, syslogd3 or syslogd4 on the first line to configure each syslog server.


3. Configure forward, local and anomaly traffic logging

These logging features should be enabled by default, but make sure forward and local traffic as well as anomalies are being logged with the following commands:

config log syslogd filter
        set forward-traffic enable
        set local-traffic enable
        set anomaly enable
        end

4. Configure logging of all URLs and referrer URLs

The logging of referrer URLs was introduced in FortiOS 5.4, which is a great feature for Internet usage analysis. Unfortunately, you need to enable it per web profile. This is also done at the CLI:

config webfilter profile
        edit {Name of your profile}
        set log-all-url enable
        set web-filter-referer-log enable
        end

* Repeat this for all web filter profiles you need to report on.
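An added example, not part of the Fastvue or Fortinet documentation: a small Python check to run over syslog lines received from the FortiGate, confirming that the settings from steps 3 and 4 are producing logs. The sample lines are constructed, and the field names (`type`, `subtype`, `referralurl`) are assumed to follow the FortiOS key=value log format.

```python
import re

# FortiGate syslog payloads are space-separated key=value pairs; values may be quoted.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Log category -> the CLI setting from steps 3 and 4 that produces it.
CHECKS = {
    "forward": "set forward-traffic enable",
    "local": "set local-traffic enable",
    "anomaly": "set anomaly enable",
    "referrer": "set web-filter-referer-log enable",
}

def parse(line):
    """Return the key=value fields of one log line as a dict."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def categories(fields):
    """Yield every CHECKS category that this parsed line is evidence for."""
    sub = fields.get("subtype")
    if fields.get("type") == "traffic" and sub in ("forward", "local"):
        yield sub
    if sub == "anomaly":  # assumed: the 'type' value differs between FortiOS versions
        yield "anomaly"
    if sub == "webfilter" and fields.get("referralurl"):  # assumed field name
        yield "referrer"

def missing_settings(lines):
    """Map each category not seen in the sample to the setting to re-check."""
    seen = {c for line in lines for c in categories(parse(line))}
    return {c: cmd for c, cmd in CHECKS.items() if c not in seen}

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    '<189>date=2024-01-15 time=10:00:01 devname="FGT-LAB" type="traffic" '
    'subtype="forward" srcip=192.0.2.10 dstip=198.51.100.7 action="accept"',
    '<189>date=2024-01-15 time=10:00:02 devname="FGT-LAB" type="traffic" '
    'subtype="local" srcip=192.0.2.10 dstip=192.0.2.1 action="accept"',
    '<188>date=2024-01-15 time=10:00:03 devname="FGT-LAB" type="utm" '
    'subtype="webfilter" hostname="example.com" url="/search?q=a b"',
]

if __name__ == "__main__":
    for cat, cmd in missing_settings(SAMPLE).items():
        print(f"no {cat} logs in sample; verify: {cmd}")
```

A category missing from a short sample is a prompt to re-check the setting, not proof it is disabled: anomaly logs only appear when an anomaly is detected, and a referrer is only logged for requests that carried one.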


5. Add a Source

Add the FortiGate as a Source in Fastvue Reporter. This can be done on the start page that is presented after installation, or in Settings | Sources | Add Source.


6. Enjoy!

It may take 10-20 seconds before the first records are imported. You can watch the records and dates imported in Settings | Sources. Once records start importing, you can go to the Dashboard tab to see your live network traffic.

Now you can explore all the features of Fastvue Reporter for FortiGate.

Backing Up Fastvue Reporter for FortiGate

1. Back Up Fastvue Reporter’s Data and Settings

If you want to upgrade your existing installation, we recommend backing up your existing settings and data first. This is as simple as making a full copy of the contents of Fastvue Reporter’s data location, shown in Settings | Data Storage | Settings (default is C:\ProgramData\Fastvue\Reporter for FortiGate).

Tip: Compress the backup, especially the Data.elastic folder as this can be quite large.

2. Back Up Custom IIS Settings (if applicable)

If you have secured the Fastvue Reporter website with IIS or applied any other custom settings in IIS directly, you should also back up the web.config file in the website’s directory (usually under c:\inetpub\wwwroot\<fastvuereporter’s site name>). The installer will also attempt to back up and restore this file for you, but this is a good idea just in case there is an issue with the installation.


3. Upgrade / Installation

Once your current environment is backed up, download the new installer and run it over the top of your existing installation to upgrade. The installer will pick up your existing settings, so just click Next throughout the wizard without making any changes. Once installed, browse to the site and clear the browser cache by pressing Ctrl + F5 (Cmd + R on Mac).


4. Enjoy!

It may take 10-20 seconds before the first records are imported. You can watch the records count in Settings | Sources. Once records start importing, you can go to the Dashboard tab to see your live network traffic.

Now you can test out the many features of Fastvue Reporter for FortiGate.
