
FortiGate System Analysis Report for 2016-06-03 20:00 -- 2016-06-04 19:59 GMT+7

FortiGate: FG-300C-02

Bandwidth and Applications


[Chart: Bandwidth Usage for Past 24 Hours; series: In, Out; y-axis: Bandwidth (bit/s)]

[Chart: Number of Sessions for Past 24 Hours; y-axis: Sessions]

Top Users by Bandwidth Usage

User              IP                Sent / Recv
113.175.40.8      113.175.40.8      123.4 MB
113.160.200.109   113.160.200.109   61.2 MB
27.72.68.67       27.72.68.67       43.7 MB
123.30.175.226    123.30.175.226    40.7 MB
27.66.5.33        27.66.5.33        40.0 MB
118.68.38.135     118.68.38.135     38.5 MB
14.189.62.199     14.189.62.199     38.4 MB
113.175.90.223    113.175.90.223    37.4 MB
113.174.7.165     113.174.7.165     37.1 MB
14.187.209.160    14.187.209.160    37.1 MB

Top Users by Sessions

User              IP                Sessions
123.31.26.64      123.31.26.64      3.7 K
88.198.239.9      88.198.239.9      3.1 K
42.112.27.51      42.112.27.51      3.0 K
113.177.148.73    113.177.148.73    1.2 K
113.160.200.109   113.160.200.109   1.1 K
123.31.12.210     123.31.12.210     533
172.16.0.254      172.16.0.254      489
123.30.239.224    123.30.239.224    475
14.161.4.56       14.161.4.56       418
113.160.200.14    113.160.200.14    417

Top Applications by Bandwidth Usage

Application   Sent / Recv
HTTP          1.8 GB
RDP           4.8 MB
FTP           95.0 KB
HTTPS         87.2 KB
Camera        37.4 KB
POP3S         21.9 KB
IMAPS         10.4 KB
POP3          5.7 KB
IMAP          4.1 KB
SMTP          1.4 KB

Top Applications by Sessions

Application   Sessions
HTTP          35.0 K
RDP           12.3 K
HTTPS         391
FTP           160
POP3S         90
Camera        88
IMAPS         39
POP3          27
IMAP          19
SMTP          16

Top Destinations by Bandwidth Usage

thaibinh.gov.vn (1.2 GB)
tuyengiaothaibinh.vn (548.2 MB)
benhviennhithaibinh.c (35.2 MB)
thpt-lequydon-thaibin (22.1 MB)
10.132.2.70 (9.3 MB)
10.132.2.80 (4.2 MB)
10.132.2.171 (755.5 KB)
10.132.2.165 (213.9 KB)
10.132.2.11 (94.5 KB)
10.132.2.193 (80.4 KB)

Top Destinations by Sessions

10.132.2.70 (33.7 K)
10.132.2.80 (10.6 K)
10.132.2.171 (2.0 K)
10.132.2.165 (933)
10.132.2.193 (353)
10.132.2.17 (170)
10.132.2.11 (154)
thaibinh.gov.vn (118)
10.132.2.111 (88)
tuyengiaothaibinh.vn (56)

Fortinet Inc. All rights reserved



DHCP Summary
Interface

Top Wifi Client by Bandwidth


Allocated /

Available

New Clients Count

IP

SSID

Sent

MAC

Recv

[Chart: Number of Active Users for Past 24 Hours; y-axis: Active Users]

Web Usage

Top Allowed Websites by Requests
Website    Requests

Top Websites by Bandwidth
Website    Sent    Recv

Top Blocked Websites by Requests
Website    Requests

Top Blocked Users
User(or IP)    Hostname(MAC)    Requests

Top Web Users by Requests
User(or IP)    Hostname(MAC)    Requests

Top Web Users by Bandwidth
User(or IP)    Hostname(MAC)    Sent    Recv

Top Web Streaming Websites by Bandwidth

Emails

Top Senders by Number of Emails
Sender    Number of Emails

Top Email Senders by Bandwidth
Sender    Bandwidth

Top Recipients by Number of Emails
Recipient    Number of Emails

Top Email Recipients by Bandwidth
Recipient    Bandwidth


Threats
Top Viruses by Name

Virus Name   Occurrence
oversize     177
av-error

Top Virus Victims

Virus Victim      Occurrence
113.160.200.109
113.175.40.8
117.4.176.24
27.66.5.33
42.112.233.51
42.113.158.135
1.53.229.244
113.160.65.50
113.162.73.55
113.185.1.112

Top Attack Sources

Top Attack Victims


VPN Usage
Top Site-to-Site IPSec Tunnels by Bandwidth
Sent

Tunnel

Top Dial-Up IPSec Tunnels by Bandwidth

Recv

User

Top SSL-VPN Tunnel Users by Bandwidth


User

Recv

Top SSL-VPN Web Mode Users by Bandwidth

Sent

IP

Sent

Tunnel

Recv

User

Sent

IP

Recv

lamnh

27.76.193.170

15.5 MB

lamnh

27.76.193.170

13.3 MB

hienpq

27.76.193.170

12.1 MB

hienpq

27.76.193.170

12.1 MB

dungdp

117.6.135.61

5.5 MB

dungdp

117.6.135.61

5.5 MB

hapt

117.6.135.61

1.4 MB

hapt

117.6.135.61

lamnh

27.76.203.182

401.8 KB

lamnh

27.76.203.182

400.6 KB

hienpq

27.76.203.182

28.9 KB

hienpq

27.76.203.182

28.8 KB

dungdp

113.185.18.79

15.2 KB

dungdp

113.185.18.67

14.5 KB

thevt

27.76.193.170

12 B

thevt

27.76.193.170

12 B

Top Dial Up Users

User     Type   Duration (Sec)   Sent / Recv
lamnh    ssl    56m 15s          29.6 MB
hienpq   ssl    52m 21s          24.2 MB
dungdp   ssl    38m 17s          11.0 MB
hapt     ssl    02h 39m          2.7 MB
thevt    ssl    04m 58s          24 B

[Chart: VPN Traffic Usage Trend; series: SSL Out, SSL In, IPSec Out, IPSec In; y-axis: Bandwidth (bit/s)]

1.4 MB



Admin Login and System Events


Admin Login Summary

=Config Changed   =Config Not Changed

Date/Time     User Name   Login Interface         Duration
06/04 19:26   hienpq      https(10.212.134.200)   11m 40s
06/04 19:16   hienpq      https(10.212.134.200)   05m 34s
06/04 15:28   hienpq      https(10.132.196.66)    08m 03s
06/04 15:12   hienpq      https(10.132.196.66)    14m 00s
06/04 14:38   hienpq      https(10.132.196.66)    20m 55s

System Activity Summary

Date/Time     Event
06/04 19:38   Administrator hienpq timed out on https(10.212.134.200)
06/04 19:38   Configuration is changed in the admin session
06/04 19:27   Purge system.admin:dashboard-tabs
06/04 19:27   Add system.admin:dashboard-tabs hienpq:1
06/04 19:27   Add system.admin:dashboard-tabs hienpq:2
06/04 19:27   Add system.admin:dashboard-tabs hienpq:3
06/04 19:27   Add system.admin:dashboard-tabs hienpq:4
06/04 19:27   Add system.admin:dashboard-tabs hienpq:5
06/04 19:27   Add system.admin:dashboard-tabs hienpq:6
06/04 19:27   Purge system.admin:dashboard
06/04 19:27   Add system.admin:dashboard hienpq:64
06/04 19:27   Add system.admin:dashboard hienpq:62
06/04 19:27   Add system.admin:dashboard hienpq:1
06/04 19:27   Add system.admin:dashboard hienpq:2
06/04 19:27   Add system.admin:dashboard hienpq:3
06/04 19:27   Add system.admin:dashboard hienpq:4
06/04 19:27   Add system.admin:dashboard hienpq:5
06/04 19:27   Add system.admin:dashboard hienpq:6
06/04 19:27   Add system.admin:dashboard hienpq:63
06/04 19:27   Add system.admin:dashboard hienpq:31
06/04 19:27   Add system.admin:dashboard hienpq:41
06/04 19:27   Add system.admin:dashboard hienpq:51
06/04 19:27   Add system.admin:dashboard hienpq:61
06/04 19:26   Administrator hienpq logged in successfully from https(10.212.134.2
06/04 19:22   Administrator hienpq timed out on https(10.212.134.200)
06/04 19:16   Administrator hienpq logged in successfully from https(10.212.134.2
06/04 18:27   Disk log has rolled.
06/04 15:36   Administrator hienpq timed out on https(10.132.196.66)
06/04 15:36   Configuration is changed in the admin session
06/04 15:31   Edit vpn.ssl.settings
06/04 15:31   Edit vpn.ssl.settings
06/04 15:30   Edit vpn.ssl.settings
06/04 15:30   Edit vpn.ssl.settings
06/04 15:30   Edit vpn.ssl.settings
06/04 15:29   Edit vpn.ssl.settings
06/04 15:29   Edit vpn.ssl.settings
06/04 15:29   Edit vpn.ssl.settings
06/04 15:28   Edit vpn.ssl.settings
06/04 15:28   Edit vpn.ssl.settings
06/04 15:28   Edit vpn.ssl.settings
06/04 15:28   Administrator hienpq logged in successfully from https(10.132.196.6
06/04 15:26   Administrator hienpq timed out on https(10.132.196.66)
06/04 15:22   Send token FTKMOB4A031EEEDF activation code DEICM7CIEPG
06/04 15:12   Administrator hienpq logged in successfully from https(10.132.196.6
06/04 14:59   Administrator hienpq timed out on https(10.132.196.66)
06/04 14:59   Configuration is changed in the admin session
06/04 14:49   Send token FTKMOB4A031EEEDF activation code DEICM7CIEPG
06/04 14:48   User hienpq added local user dpdung from GUI(10.132.196.66)
06/04 14:48   Add user.local dpdung
06/04 14:48   Edit user.group VPN-ThaiBinh
06/04 14:45   Completed reputation db maintenance
06/04 14:38   Administrator hienpq logged in successfully from https(10.132.196.6
06/04 09:11   The ntp daemon step adjusted time from Sat Jun 4 09:11:23 2016 t
06/04 02:45   Completed reputation db maintenance
06/04 01:44   Fortigate scheduled update virdb(35.00114) etdb(35.00114) idsdb(8.
06/04 00:06   System deleted log file tlog.64628
06/04 00:06   System deleted log file tlog.64627
06/04 00:06   System deleted log file elog.64913
06/04 00:06   System deleted log file vlog.65447
06/04 00:06   System deleted log file wlog.65447
06/04 00:06   System deleted log file alog.65447
06/04 00:06   System deleted directory pcap.65447.
06/04 00:06   System deleted log file slog.65447
06/04 00:06   System deleted log file clog.65447
06/04 00:06   System deleted log file plog.65447
06/04 00:06   System deleted log file dlog.65447
06/04 00:06   System deleted directory dlp_archive.65447.
06/04 00:06   System deleted log file rlog.65447
06/04 00:06   System deleted log file nlog.65447
06/04 00:00   Disk log roll request has been sent.
06/04 00:00   Start uploading disk logs to FortiCloud from vdom root.


Appendix A

- Individual Report for 1st Highest User: 113.175.40.8 Usage: 123.4 MB IP: 113.175.40.8 Device:

Traffic Summary

Total Number of Bytes: 123.4 MB (122.0 MB in, 1.4 MB out)
Total Number of Sessions: 152

Top 5 Destinations

Destination         Bandwidth   APP
tuyengiaothaibinh   123.3 MB    HTTP
10.132.2.70         31.3 KB     HTTP

Web Activity Summary

Top 10 Allowed Sites
Host Name    Number of Visits

Top 10 Blocked Sites
Host Name    Number of Visits

Email Activity Summary

                       Number   Bandwidth
Total Email Sent                0B
Total Email Received            0B

Top 5 Email Recipients
Recipient    Bandwidth

Top 5 Email Senders
Sender    Bandwidth

Threat Summary

Threat Name   Type   Counts
oversize

Application Summary
Top 5 Applications by Bandwidth
HTTP (123.4 MB)


Top 5 Applications by Sessions


HTTP (152)


Appendix B

- Individual Report for 2nd Highest User: 113.160.200.109 Usage: 61.2 MB IP: 113.160.200.109 Device:

Traffic Summary

Total Number of Bytes: 61.2 MB (61.0 MB in, 285.3 KB out)
Total Number of Sessions: 1.1 K

Top 5 Destinations

Destination       Bandwidth   APP
thaibinh.gov.vn   61.0 MB     HTTP
10.132.2.70       222.3 KB    HTTP
10.132.2.165      5.7 KB      HTTP

Web Activity Summary

Top 10 Allowed Sites
Host Name    Number of Visits

Top 10 Blocked Sites
Host Name    Number of Visits

Email Activity Summary

                       Number   Bandwidth
Total Email Sent                0B
Total Email Received            0B

Top 5 Email Recipients
Recipient    Bandwidth

Top 5 Email Senders
Sender    Bandwidth

Threat Summary

Threat Name   Type   Counts
oversize

Application Summary
Top 5 Applications by Bandwidth
HTTP (61.2 MB)


Top 5 Applications by Sessions


HTTP (1.1 K)


Appendix C

- Individual Report for 3rd Highest User: 27.72.68.67 Usage: 43.7 MB IP: 27.72.68.67 Device:

Traffic Summary

Total Number of Bytes: 43.7 MB (43.7 MB in, 65.5 KB out)
Total Number of Sessions:

Top 5 Destinations

Destination       Bandwidth   APP
thaibinh.gov.vn   43.7 MB     HTTP

Web Activity Summary

Top 10 Allowed Sites
Host Name    Number of Visits

Top 10 Blocked Sites
Host Name    Number of Visits

Email Activity Summary

                       Number   Bandwidth
Total Email Sent                0B
Total Email Received            0B

Top 5 Email Recipients
Recipient    Bandwidth

Top 5 Email Senders
Sender    Bandwidth

Threat Summary

Threat Name   Type   Counts
oversize

Application Summary
Top 5 Applications by Bandwidth
HTTP (43.7 MB)


Top 5 Applications by Sessions


HTTP (2)


Appendix D

- Individual Report for 4th Highest User: 123.30.175.226 Usage: 40.7 MB IP: 123.30.175.226 Device:

Traffic Summary

Total Number of Bytes: 40.7 MB (40.6 MB in, 63.3 KB out)
Total Number of Sessions: 25

Top 5 Destinations

Destination       Bandwidth   APP
thaibinh.gov.vn   40.7 MB     HTTP
10.132.2.70       8.1 KB      HTTP

Web Activity Summary

Top 10 Allowed Sites
Host Name    Number of Visits

Top 10 Blocked Sites
Host Name    Number of Visits

Email Activity Summary

                       Number   Bandwidth
Total Email Sent                0B
Total Email Received            0B

Top 5 Email Recipients
Recipient    Bandwidth

Top 5 Email Senders
Sender    Bandwidth

Threat Summary

Threat Name   Type   Counts
oversize

Application Summary
Top 5 Applications by Bandwidth
HTTP (40.7 MB)


Top 5 Applications by Sessions


HTTP (25)


Appendix E

- Individual Report for 5th Highest User: 27.66.5.33 Usage: 40.0 MB IP: 27.66.5.33 Device:

Traffic Summary

Total Number of Bytes: 40.0 MB (39.8 MB in, 126.5 KB out)
Total Number of Sessions:

Top 5 Destinations

Destination       Bandwidth   APP
thaibinh.gov.vn   40.0 MB     HTTP

Web Activity Summary

Top 10 Allowed Sites
Host Name    Number of Visits

Top 10 Blocked Sites
Host Name    Number of Visits

Email Activity Summary

                       Number   Bandwidth
Total Email Sent                0B
Total Email Received            0B

Top 5 Email Recipients
Recipient    Bandwidth

Top 5 Email Senders
Sender    Bandwidth

Threat Summary

Threat Name   Type   Counts
oversize

Application Summary
Top 5 Applications by Bandwidth
HTTP (40.0 MB)


Top 5 Applications by Sessions


HTTP (4)
