Reporter for FortiGate Release Notes
Reporter for FortiGate (2023-08-09)

AI Prompt Reporting (ChatGPT, Google Bard)
  • Fixed an issue where the Blocked Sites widget in the Internet Usage reports was not including sites blocked by the URL Filter feature. It included sites blocked by a Web Filter profile (e.g., a Category block), but not by the URL filter inside a Web Filter profile.
  • SecurityProtocols now enforces a minimum of TLS 1.2 by default, with an option to specify SecurityProtocols via XML settings.
  • Data Retention Policy enforcement now includes the size of today’s data in calculating the total size of data for the size policy, while still not deleting today’s data if it alone exceeds the size policy.
  • Fixed an issue introduced in the previous build where no records would be written to the Elasticsearch database until a minimum number of 10,000 syslog records were reached.
  • Fixed index management being unable to delete indexes in certain situations when an index has unassigned shards.
  • Fixed an issue with YouTube enrichment where some records would be imported without the enriched video metadata from YouTube. This meant you would see both the original YouTube URL as well as the enriched video title as separate items in the YouTube Videos report widget.
  • Switch buttons above Report widgets (e.g., Clean (on) | Clean (off) | Show Both) now indicate which option is currently selected.
Performance Improvements
  • Optimized memory and resource usage in a range of areas across the application. Note that if you have a large amount of data, you may still see memory usage often pegged near 100% due to the way Elasticsearch uses memory-mapped files; however, this memory is made available to other processes when needed and should not affect general performance.
Download Update
Reporter for FortiGate (2023-07-14)

Added FortiClient EMS Support (Experimental)
  • FortiClient EMS support: Use EMS to configure FortiClients to send UTM and Security logs to FortiAnalyzer (see Fortinet EMS System Settings, and configure FortiAnalyzer to forward logs to Fastvue Reporter.
  • Known Issues

    No size: No ‘size’ values are logged with FortiClient data so you will likely not see the data in any widget sorted by Size, such as Bandwidth reports, especially when normal FortiGate data is also being imported.

    No searches or videos: FortiClient does not log query strings in URLs therefore Fastvue Reporter is unable to extract or report on web searches or YouTube videos.

    Incomplete Categories: Some categories are not logged with their full name, for example, the URL category ‘Global Religion’ is just logged as ‘Global’, and ‘Real Estate’ is just logged as ‘Real’. We have mapped these truncated categories to the full category name where possible, however some categories such as ‘Web’ category could potentially mean Web Analytics, Web Chat or Web Hosting. ‘Personal’ could potentially mean Personal Privacy, Personal Vehicles or Personal Websites and Blogs. In these cases, we have added a new Category called ‘Web’ and ‘Personal’ and added them to the ‘Acceptable’ Productivity group. Not ideal, but the best we can do based on the data FortiClient supplies.
  • Fixed issue where log data will stop importing if the IP sending the syslog data changes. When adding syslog sources by a hostname / FQDN, Fastvue Reporter will now re-resolve the Source’s hostname to an IP when they detect they are no longer receiving syslog data from the IP the hostname last resolved to. The hostname to IP resolution previously only occurred when a Source is added, or when the Fastvue Reporter service is started.
  • Fixed issue where users logged with their UPN instead of their sAMAccountName would not be aliased to a user object in Active Directory. This meant they would not be displayed with their Display Name, or included in reports on AD Security Groups or Departments, Offices, or Companies)
  • Fixed issue where users with the same sAMAccountName from different domains would be aliased to the same user.
  • Top downloads widget on the Bandwidth dashboard now handles long URLs by truncating to one line, with the rest of the URL shown in a hover-over ellipsis.
Performance Improvements:
  • Further optimized the data import pipeline.
  • Reduced the performance impact of source host resolution by increasing the TTL for cached entries and reducing resolution attempts for failed resolutions.

Reporter for FortiGate (2023-06-26)

Improved FortiGate Integration
  • New Fields Added: Introduced new fields for Mime Type and HTTP Method.
Improved performance:
  • Optimized the live dashboard query processing and timing to reduce CPU wastage.
  • Optimized the import pipeline to reduce RAM, CPU, and I/O.
  • Adjusted the default database memory settings. JVM Heap Size now defaults to 50% of RAM or 1GB, whichever is larger, clamped up to 32GB. These settings are used when Memory Settings are set to ‘Automatic’ in Settings > Diagnostic > Database > Memory Settings.
  • Improved Search Term extraction rules including TikTok,,, Yahoo, and Bing chat.
  • Activity Reports now insert a column for Keyword Group when filtering by more than one Keyword Group.
  • The YouTube Videos widget now shows the original YouTube URL if YouTube integration is not enabled in Settings > YouTube.
  • Fixed an issue that may prevent users from being notified about errors saving configuration, such as Alerts being created with the same name.

Reporter for FortiGate (2023-04-20)
  • Fixed an issue preventing drill downs from Activity Reports that was introduced in the previous build.
  • Improved Activity Report loading.

Reporter for FortiGate (2023-04-19)
  • Fixed issue preventing Activity Reports from loading correctly, showing an endless spinner for some hour tables.
  • Date picker now shows previous month and current month instead of current month and two future months.
  • Installer no longer shows prerequisite prompt if the IIS and .NET prerequisites are already installed.

Reporter for FortiGate (2023-03-30)
  • Fixed Report error
    "Elastic shard failed: Type: script_exception Reason: "compile error" CausedBy: "Type: illegal_argument_exception Reason: "unexpected character [/^(.*[^\wÀ-ÿ]|)(Elden)([^\wÀ-ÿ].*|)))]." CausedBy: "Type: lexer_no_viable_alt_exception Reason: """"
  • Fixed Report error
    valcount = doc[params.field].length;

  • Improved LDAP Directory connection logic preventing ‘LDAP server unavailable’ errors.
  • Fixed issue preventing drilling down into Keyword Groups from an existing report.

Reporter for FortiGate (2023-03-01)
  • Resolved issue preventing directory / LDAP import for new installations.

Reporter for FortiGate (2023-02-23)
  • Fastvue Reporter has always resolved source hosts for the common internal address ranges —,,,, [fe80::]/16, or [fc00::]/7. You can now add custom IP ranges by editing the ResolveSourceHostsIPRanges property in Fastvue Reporter’s Settings.xml file while the Fastvue Reporter service is stopped. Add a comma separated list of IP ranges that you would like to resolve in CIDR notation.

    For example:
    <Item Name="ResolveSourceHostsIPRanges" Type="System.String, mscorlib" Value=",," />

    Note, Source Hosts are only resolved when a username or source host has not been logged by the firewall.
    Fixed the alignment of chart bars to table rows in dashboard widgets when the table row expands to multiple lines.
  • Fixed the alignment of chart bars to table rows in dashboard widgets when the table row expands to  multiple lines.

Reporter for FortiGate (2023-02-10)
  • YouTube shorts are now officially supported. Video IDs are now correctly extracted from URLs and resolved using the YouTube API when users watch YouTube Shorts.
  • Default syslog encoding is now set to UTF-8 fixing import issues with non-english character sets. The encoding can be changed by editing the value of the SyslogGlobalEncodingType setting in Fastvue Reporter’s Settings.xml file. Possible values include UTF-8, ASCII, UTF-16 and UTF-32.
  • Fixed an issue with ‘whole word’ keyword matching when the phrase contains non-english characters such as the é in appétit.
  • Fixed display issues with the ‘Print’ style when printing reports in the browser.
  • Fixed display issues with the buttons above some Report widgets preventing them wrapping to multiple lines.

Reporter for FortiGate (2022-12-14)
  • Activity Reports filtered by Keyword Groups now contain relevant columns in the report output. For example, filtering by Search Terms ‘In Keyword Group’ Self-harm, returns a column showing the matching Search Terms.
  • Improved search term extraction for a range of websites.
  • Updated FortiGate loader to understand new message IDs introduced in FortiOS 7.2.2.
  • VPN session types now support “ipsecvpn” sessions.
  • Fixed an issue that can prevent reports from generating if an extracted Search Term is a DateTime value.
  • Saving an invalid YouTube API key is now prevented.
  • Fixed an issue sorting alerts as per their order in the underlying Alerts.xml configuration file. Factory defined alerts are still grouped together at the bottom of the alerts list with custom alerts above.