Reporter for FortiGate Release Notes
Reporter for FortiGate 1.0.1.71 (2023-04-20)
  • Fixed an issue preventing drill downs from Activity Reports that was introduced in the previous build.
  • Improved Activity Report loading.

Reporter for FortiGate 1.0.1.70 (2023-04-19)
  • Fixed issue preventing Activity Reports from loading correctly, showing an endless spinner for some hour tables.
  • Date picker now shows previous month and current month instead of current month and two future months.
  • Installer no longer shows prerequisite prompt if the IIS and .NET prerequisites are already installed.

Reporter for FortiGate 1.0.1.69 (2023-03-30)
  • Fixed Report error
    "Elastic shard failed: Type: script_exception Reason: "compile error" CausedBy: "Type: illegal_argument_exception Reason: "unexpected character [/^(.*[^\wÀ-ÿ]|)(Elden)([^\wÀ-ÿ].*|)))]." CausedBy: "Type: lexer_no_viable_alt_exception Reason: """"
  • Fixed Report error
    "org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:77)
    org.elasticsearch.search.lookup.LeafDocLookup.get(LeafDocLookup.java:36)
    valcount = doc[params.field].length;

  • Improved LDAP Directory connection logic preventing ‘LDAP server unavailable’ errors.
  • Fixed issue preventing drilling down into Keyword Groups from an existing report.

Reporter for FortiGate 1.0.1.68 (2023-03-01)
  • Resolved issue preventing directory / LDAP import for new installations.

Reporter for FortiGate 1.0.1.67 (2023-02-23)
  • Fastvue Reporter has always resolved source hosts for the common internal address ranges — 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, [fe80::]/16, or [fc00::]/7. You can now add custom IP ranges by editing the ResolveSourceHostsIPRanges property in Fastvue Reporter’s Settings.xml file while the Fastvue Reporter service is stopped. Add a comma separated list of IP ranges that you would like to resolve in CIDR notation.

    For example:
    <Item Name="ResolveSourceHostsIPRanges" Type="System.String, mscorlib" Value="1.0.0.0/8,2.3.0.0/16,4.5.6.0/24" />

    Note, Source Hosts are only resolved when a username or source host has not been logged by the firewall.
    Fixed the alignment of chart bars to table rows in dashboard widgets when the table row expands to multiple lines.
  • Fixed the alignment of chart bars to table rows in dashboard widgets when the table row expands to  multiple lines.

Reporter for FortiGate 1.0.1.66 (2023-02-10)
  • YouTube shorts are now officially supported. Video IDs are now correctly extracted from URLs and resolved using the YouTube API when users watch YouTube Shorts.
  • Default syslog encoding is now set to UTF-8 fixing import issues with non-english character sets. The encoding can be changed by editing the value of the SyslogGlobalEncodingType setting in Fastvue Reporter’s Settings.xml file. Possible values include UTF-8, ASCII, UTF-16 and UTF-32.
  • Fixed an issue with ‘whole word’ keyword matching when the phrase contains non-english characters such as the é in appétit.
  • Fixed display issues with the ‘Print’ style when printing reports in the browser.
  • Fixed display issues with the buttons above some Report widgets preventing them wrapping to multiple lines.

Reporter for FortiGate 1.0.1.65 (2022-12-14)
  • Activity Reports filtered by Keyword Groups now contain relevant columns in the report output. For example, filtering by Search Terms ‘In Keyword Group’ Self-harm, returns a column showing the matching Search Terms.
  • Improved search term extraction for a range of websites.
  • Updated FortiGate loader to understand new message IDs introduced in FortiOS 7.2.2.
  • VPN session types now support “ipsecvpn” sessions.
  • Fixed an issue that can prevent reports from generating if an extracted Search Term is a DateTime value.
  • Saving an invalid YouTube API key is now prevented.
  • Fixed an issue sorting alerts as per their order in the underlying Alerts.xml configuration file. Factory defined alerts are still grouped together at the bottom of the alerts list with custom alerts above.

Reporter for FortiGate 1.0.1.64 (2022-10-13)
  • Added a Policies widget to the IT Network and Security, and All Usage reports. 
  • Most report widgets now expand long strings to multiple lines instead of being truncated with an ellipsis.
  • Improved the performance of syslog import when you have many syslog sources.
  • Fixed an issue introduced the previous build where directory / LDAP import causes a memory issue when importing result sets containing more than 500 entities.
  • Usernames are now shown based on the following field fallback order: xauthuser, user, useralt, dstuser, unauthuser, dstunauthuser. 
  • Fixed issues with this keyword highlighting positioning in certain keyword matching situations. 
  • Added checks for invalid characters in filenames and file extensions.
  • Added more instruments to the hidden page at /settings/DiagStats.aspx for the main four Elasticsearch request queues (Bulk, Management, Search, Warmer), named “dbEsqIndex”, “dbEsqMgmt”, “dbEsqSearch”, and “dbEsqWarmer”. Cache information has been added to DiagStats, along with a button to manually clear caches. 
  • As disk performance can greatly impact Fastvue Reporter’s performance, a basic disk benchmark tool has been added to the hidden diagnostic page at /settings/DiagStats.aspx, showing sequential/random read/write performance, as well as random seek latency. Additional instruments and cache information have also been added.
  • User statistics in Settings | Licensing | User Statistics no longer include users associated with Failed VPN logins.

Reporter for FortiGate 1.0.1.63 (2022-09-13)
  • You can now adjust the username display format in Settings | Directory / LDAP | User Settings.
    By default, for new installs, authenticated users are displayed as “displayName (samAccountName)”. E.g. “Jane Doe (j.doe)”, to assist in identifying different users with the same name. More advanced customizations using other AD attributes can be made by carefully editing the UserAttrDisplayName element in Fastvue Reporter’s Settings.xml file when the Fastvue Reporter service is stopped. Please reach out to support@fastvue.co for assistance.
  • Search term extraction logic and has been updated to better support a range of websites, including TikTok, Pinterest, Yandex, Tumblr, Swiggle & Internet Archive.
  • Fixed issues with the keyword highlighting feature that may occur when multiple keywords or excludes exist in a phrase.
  • The data retention size threshold now ignores the current day to prevent the index from being destroyed and recreated repeatedly, but this may mean that the size threshold may be ignored if the current day exceeds the limit. Also added a daily clean up task to remove temporary files more regularly.
  • LDAP directory import implementations have been updated to better handle timeouts and ldap exceptions/errors.
  • Added a user interface to manage Elasticsearch indexes in Settings | Diagnostic | Database | Index Management. This includes options to open, close, reindex, merge segments, and delete indexes.
  • Added a user interface to change Elasticsearch’s Index Store Mode from mmapfs (default) to niofs. This is available in Settings | Diagnostic | Database | Memory Settings. When using mmapfs you’ll see increased memory usage but faster report generation. With niofs you’ll see reduced memory usage but slower report generation. The only time you should consider changing to niofs is when your Fastvue server is constrained on memory, but you have very fast SSD harddrives, and you’re willing to wait longer for reports to generate. For more information about these Elasticsearch Index Store Modes, see https://www.elastic.co/guide/en/elasticsearch/reference/5.6/index-modules-store.html
  • If reports on large date ranges are failing with a timeout error, you can now configure this timeout by carefully editing the DatabaseElasticRequestTimeout element in Fastvue Reporter’s Settings.xml file when the Fastvue Reporter service is stopped. The value is specified in seconds, and defaults to 300 (5 minutes). If you’re experiencing timeout errors when running reports, try increasing this value to 1200 (20 minutes). This changes how long Fastvue Reporter is willing to wait for a response from the Elasticsearch database when running queries.

Reporter for FortiGate 1.0.1.62 (2022-06-14)
  • This is the first public release introducing Fastvue Reporter’s new central Keywords feature. This feature centralizes all safeguarding keywords in one place (Self Harm, Extremism, Drugs, and Adult and Profanity), giving you greater control over keyword matches against searches and YouTube video titles in Reports and Alerts.

    Keywords are automatically cloud-updated with new words and phrases, and the introduction of whole word matching and comprehensive excluding functionality drastically reduces false positives.
  • Added an ‘Edit Keyword’ action to the Keyword Matched Searches and Keyword Matched Videos widgets in Overview Reports, making it easy to exclude words and phrases from the matching keyword to reduce future false positives.
  • Very long phrases now wrap to multiple lines in Reports.
  • Fixed issue where the keyword highlighting may be in the incorrect position.
  • The time threshold for ‘No syslog data received’ alerts is now configurable via the settings.xml file in Fastvue Reporter’s data location by adding this line (make sure the Fastvue Reporter service is not running when editing this file):

    <Item Name="SyslogInactivityThreshold" Type="System.TimeSpan, mscorlib" Value="600000000" />

    The “Value” needs to be represented in .NET ticks. Here is a handy online converter.
  • Windows installers now support installing in silent mode. Instructions for using this can be found at https://kb.fastvue.co/fortigate/s/article/Silent-non-interactive-installation