Reporter for FortiGate Release Notes
Reporter for FortiGate 1.0.1.76 (2023-10-13)

Security Update
New Fields
  • You can now filter Reports and Alerts by the ‘isJunk’ field, allowing you to remove or include URLs in the Junk URLs list (see Settings > Site Clean > Junk URLs). Note that the ‘Clean (on)’ option in Overview Reports already removes Junk URLs or substitutes them with the actual/visited domain.
Site Clean
  • Added Junk URLs associated with background LinkedIn activity that can bloat browsing time when not actually using LinkedIn.
  • Added over 42,500 known ad servers to the list of Junk URLs.
  • Added domain substitutes for known TikTok CDNs.
Keywords
  • Added a range of exclude keywords to many drugs in the Drugs Keyword group to remove false positives associated with researching issues related to drugs (statistics, prevention, long term effects, etc).
  • Added new keywords and exclude keywords to Extremism, Self Harm and Adult and Profanity keyword groups.

Note: Site Clean and Keyword updates are delivered automatically behind the scenes, but if your Fastvue Reporter server is air-gapped, simply update the software to obtain these updates.

Download Update
Reporter for FortiGate 1.0.1.75 (2023-09-22)

General
  • When filtering an Activity Report by multiple Security Groups, the selected Security Groups are now shown as a comma separated list in a single row in the report, rather than creating duplicated rows for each Security Group a person is a member of. This fix also applies to filtering by other multi-value (arrayed) fields such as categories.
  • Source host resolution now only occurs on internal IP address ranges, or ranges specified in the ResolveSourceHostsIPRanges property in the Settings.xml file.
  • Added Search Term extraction for quora.com.
  • Fixed the handling of value-less URL query parameters (e.g. ‘?ab&c=123’ -> ab=(blank), c=123)
  • Elasticsearch *.mdmp files now get deleted as part of the cleanup task when a low disk space warning is triggered.
Performance Improvements
  • Incoming syslog data is no longer queued in memory when the database is not operational.
  • Elasticsearch is now configured to enable memory locking by default, configurable via setting DatabaseElasticMemoryLock in the Settings.xml file.
  • Elasticsearch Java process priority is now set to Normal by default, can now be optionally set to BelowNormal by setting DatabaseElasticProcessPriorityLow in the Settings.xml file.

Reporter for FortiGate 1.0.1.74 (2023-08-09)

AI Prompt Reporting (ChatGPT, Google Bard)
General
  • Fixed an issue where the Blocked Sites widget in the Internet Usage reports was not including sites blocked by the URL Filter feature. It included sites blocked by a Web Filter profile (e.g., a Category block), but not by the URL filter inside a Web Filter profile.
  • SecurityProtocols now enforces a minimum of TLS 1.2 by default, with an option to specify SecurityProtocols via XML settings.
  • Data Retention Policy enforcement now includes the size of today’s data in calculating the total size of data for the size policy, while still not deleting today’s data if it alone exceeds the size policy.
  • Fixed an issue introduced in the previous build where no records would be written to the Elasticsearch database until a minimum number of 10,000 syslog records were reached.
  • Fixed index management being unable to delete indexes in certain situations when an index has unassigned shards.
  • Fixed an issue with YouTube enrichment where some records would be imported without the enriched video metadata from YouTube. This meant you would see both the original YouTube URL as well as the enriched video title as separate items in the YouTube Videos report widget.
  • Switch buttons above Report widgets (e.g., Clean (on) | Clean (off) | Show Both) now indicate which option is currently selected.
Performance Improvements
  • Optimized memory and resource usage in a range of areas across the application. Note that if you have a large amount of data, you may still see memory usage often pegged near 100% due to the way Elasticsearch uses memory-mapped files; however, this memory is made available to other processes when needed and should not affect general performance.

Reporter for FortiGate 1.0.1.73 (2023-07-14)

Added FortiClient EMS Support (Experimental)
  • FortiClient EMS support: Use EMS to configure FortiClients to send UTM and Security logs to FortiAnalyzer (see Fortinet EMS System Settings, and configure FortiAnalyzer to forward logs to Fastvue Reporter.
  • Known Issues

    No size: No ‘size’ values are logged with FortiClient data so you will likely not see the data in any widget sorted by Size, such as Bandwidth reports, especially when normal FortiGate data is also being imported.

    No searches or videos: FortiClient does not log query strings in URLs therefore Fastvue Reporter is unable to extract or report on web searches or YouTube videos.

    Incomplete Categories: Some categories are not logged with their full name, for example, the URL category ‘Global Religion’ is just logged as ‘Global’, and ‘Real Estate’ is just logged as ‘Real’. We have mapped these truncated categories to the full category name where possible, however some categories such as ‘Web’ category could potentially mean Web Analytics, Web Chat or Web Hosting. ‘Personal’ could potentially mean Personal Privacy, Personal Vehicles or Personal Websites and Blogs. In these cases, we have added a new Category called ‘Web’ and ‘Personal’ and added them to the ‘Acceptable’ Productivity group. Not ideal, but the best we can do based on the data FortiClient supplies.
General
  • Fixed issue where log data will stop importing if the IP sending the syslog data changes. When adding syslog sources by a hostname / FQDN, Fastvue Reporter will now re-resolve the Source’s hostname to an IP when they detect they are no longer receiving syslog data from the IP the hostname last resolved to. The hostname to IP resolution previously only occurred when a Source is added, or when the Fastvue Reporter service is started.
  • Fixed issue where users logged with their UPN instead of their sAMAccountName would not be aliased to a user object in Active Directory. This meant they would not be displayed with their Display Name, or included in reports on AD Security Groups or Departments, Offices, or Companies)
  • Fixed issue where users with the same sAMAccountName from different domains would be aliased to the same user.
  • Top downloads widget on the Bandwidth dashboard now handles long URLs by truncating to one line, with the rest of the URL shown in a hover-over ellipsis.
Performance Improvements:
  • Further optimized the data import pipeline.
  • Reduced the performance impact of source host resolution by increasing the TTL for cached entries and reducing resolution attempts for failed resolutions.

Reporter for FortiGate 1.0.1.72 (2023-06-26)

Improved FortiGate Integration
  • New Fields Added: Introduced new fields for Mime Type and HTTP Method.
Improved performance:
  • Optimized the live dashboard query processing and timing to reduce CPU wastage.
  • Optimized the import pipeline to reduce RAM, CPU, and I/O.
  • Adjusted the default database memory settings. JVM Heap Size now defaults to 50% of RAM or 1GB, whichever is larger, clamped up to 32GB. These settings are used when Memory Settings are set to ‘Automatic’ in Settings > Diagnostic > Database > Memory Settings.
General
  • Improved Search Term extraction rules including TikTok, brave.com, webcrawler.com, Yahoo, and Bing chat.
  • Activity Reports now insert a column for Keyword Group when filtering by more than one Keyword Group.
  • The YouTube Videos widget now shows the original YouTube URL if YouTube integration is not enabled in Settings > YouTube.
  • Fixed an issue that may prevent users from being notified about errors saving configuration, such as Alerts being created with the same name.

Reporter for FortiGate 1.0.1.71 (2023-04-20)
  • Fixed an issue preventing drill downs from Activity Reports that was introduced in the previous build.
  • Improved Activity Report loading.

Reporter for FortiGate 1.0.1.70 (2023-04-19)
  • Fixed issue preventing Activity Reports from loading correctly, showing an endless spinner for some hour tables.
  • Date picker now shows previous month and current month instead of current month and two future months.
  • Installer no longer shows prerequisite prompt if the IIS and .NET prerequisites are already installed.

Reporter for FortiGate 1.0.1.69 (2023-03-30)
  • Fixed Report error
    "Elastic shard failed: Type: script_exception Reason: "compile error" CausedBy: "Type: illegal_argument_exception Reason: "unexpected character [/^(.*[^\wÀ-ÿ]|)(Elden)([^\wÀ-ÿ].*|)))]." CausedBy: "Type: lexer_no_viable_alt_exception Reason: """"
  • Fixed Report error
    "org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:77)
    org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:36)
    valcount = doc[params.field].length;

  • Improved LDAP Directory connection logic preventing ‘LDAP server unavailable’ errors.
  • Fixed issue preventing drilling down into Keyword Groups from an existing report.

Reporter for FortiGate 1.0.1.68 (2023-03-01)
  • Resolved issue preventing directory / LDAP import for new installations.

Reporter for FortiGate 1.0.1.67 (2023-02-23)
  • Fastvue Reporter has always resolved source hosts for the common internal address ranges — 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, [fe80::]/16, or [fc00::]/7. You can now add custom IP ranges by editing the ResolveSourceHostsIPRanges property in Fastvue Reporter’s Settings.xml file while the Fastvue Reporter service is stopped. Add a comma separated list of IP ranges that you would like to resolve in CIDR notation.

    For example:
    <Item Name="ResolveSourceHostsIPRanges" Type="System.String, mscorlib" Value="1.0.0.0/8,2.3.0.0/16,4.5.6.0/24" />

    Note, Source Hosts are only resolved when a username or source host has not been logged by the firewall.
    Fixed the alignment of chart bars to table rows in dashboard widgets when the table row expands to multiple lines.
  • Fixed the alignment of chart bars to table rows in dashboard widgets when the table row expands to  multiple lines.