FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
vkumar_FTNT
Staff
Staff
Article Id 197174

Description
This article describes how sent and receive bytes are calculated under  FortiView  >  Application & websites > Top cloud applications . These are populated by using "File size" field in the application control logs unlike what it is done for all other Fortiview Tabs having sent and received bytes which relies solely on sent and received bytes populated under traffic logs.

Top Cloud application relies on Application Control logs which neither populate 'sent & received bytes' nor does  'Application control' records traffic volume as it gets triggered on traffic patterns. However Application Control tracks traffic volumes for certain Applications like uploads or downloads. This is logged under 'Application Control log' , column "File size".

This field is then used to populate Bytes(Sent/Received) under FortiView > Application & websites  > Top cloud applications
1> Send (upload)  - filesize is calculated for signatures that get triggered on file/data uploads
2> Receive (download) -  filesize is calculated for signatures that get triggered on file/data downloads

Solution
Below screenshots illustrate , bytes are always empty.

Reason being there are no actual File upload/downloads or videos played.
 

After some videos are actually played on youtube , Fortiview populates Bytes

Checking the session details for youtube , it will be noticed that sent/received bytes are always 0.

 
But this data is populated from Application control logs > file size column



Contributors