Drikus Brits
2013-05-27 06:19:12 UTC
Hi All,
How would I configure an exclusion in fnrancid to prevent changes in forti reports from showing up every time a customer changes his reports on the forti ?
Thx
d.
Index: configs/ filtered-fortigate
===================================================================
retrieving revision 1.1580
diff -U 4 -r1.1580 filtered-fortigate
@@ -50977,10 +50977,9 @@
next
end
next
edit "traffic.sessions.app_cats.user"
- set query "select ft_ifnull(app_cat, \'unknown\') app_cat, count(*) sessions fro
- m traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2,5, 8,9,10) and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' group by app_cat order by sessions desc limit 10"
+ set query "select ft_ifnull(app_cat, \'unknown\') app_cat, count(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2,5, 8,9,10) and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' group by app_cat order by sessions desc limit 10"
config field
edit 1
set type text
set displayname "Application Category"
@@ -51004,9 +51003,10 @@
next
end
next
edit "traffic.bandwidth.dstcountries"
- set query "create temp table top_dst_country(dst_country text, bandwidth integer); insert into top_dst_country select dst_country, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) group by dst_country order by bandwidth desc limit 9; select * from top_dst_country union select \'others\', bandwidth from (select sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) and dst_country not in (select dst_country from top_dst_country) ) where bandwidth<>0"
+ set query "create temp table top_dst_cou
+ ntry(dst_country text, bandwidth integer); insert into top_dst_country select dst_country, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) group by dst_country order by bandwidth desc limit 9; select * from top_dst_country union select \'others\', bandwidth from (select sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) and dst_country not in (select dst_country from top_dst_country) ) where bandwidth<>0"
config field
edit 1
set type text
set displayname "Country"
This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners.
�This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link https://webmail.vodacom.co.za/tc/default.html "
How would I configure an exclusion in fnrancid to prevent changes in forti reports from showing up every time a customer changes his reports on the forti ?
Thx
d.
Index: configs/ filtered-fortigate
===================================================================
retrieving revision 1.1580
diff -U 4 -r1.1580 filtered-fortigate
@@ -50977,10 +50977,9 @@
next
end
next
edit "traffic.sessions.app_cats.user"
- set query "select ft_ifnull(app_cat, \'unknown\') app_cat, count(*) sessions fro
- m traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2,5, 8,9,10) and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' group by app_cat order by sessions desc limit 10"
+ set query "select ft_ifnull(app_cat, \'unknown\') app_cat, count(*) sessions from traffic_log where ###timestamp_to_oid(traffic_log)### and log_id in (2,5, 8,9,10) and ft_ifnull(ft_ifnull(user,src), \'unknown\')=\'###parameter1###\' group by app_cat order by sessions desc limit 10"
config field
edit 1
set type text
set displayname "Application Category"
@@ -51004,9 +51003,10 @@
next
end
next
edit "traffic.bandwidth.dstcountries"
- set query "create temp table top_dst_country(dst_country text, bandwidth integer); insert into top_dst_country select dst_country, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) group by dst_country order by bandwidth desc limit 9; select * from top_dst_country union select \'others\', bandwidth from (select sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) and dst_country not in (select dst_country from top_dst_country) ) where bandwidth<>0"
+ set query "create temp table top_dst_cou
+ ntry(dst_country text, bandwidth integer); insert into top_dst_country select dst_country, sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) group by dst_country order by bandwidth desc limit 9; select * from top_dst_country union select \'others\', bandwidth from (select sum(ifnull(rcvd,0) + ifnull(sent,0) + ifnull(lan_in,0) + ifnull(lan_out,0)) bandwidth from traffic_log where ###timestamp_to_oid(traffic_log)### and ft_ifnull(dst_country,\'\')<>\'\' and log_id in (2,5, 8,9,10) and dst_country not in (select dst_country from top_dst_country) ) where bandwidth<>0"
config field
edit 1
set type text
set displayname "Country"
This e-mail is classified C2 - Vodacom Restricted - Information to be used inside Vodacom but it may be shared with authorised partners.
�This e-mail is sent on the Terms and Conditions that can be accessed by Clicking on this link https://webmail.vodacom.co.za/tc/default.html "