Manuals / Fortinet / Computer Equipment / Network Card

Fortinet 3.0 MR7 Filtering tips, To filter log messages by column contents, To disable a filter

Models: 3.0 MR7

1 234

Download 234 pages 61.67 Kb

Page 100

Customizing the log view

Log

Note: Filters do not appear in Raw view, or for unindexed log fields in Formatted view.

When viewing real-time logs, you cannot filter on the time column: by definition of the real- time aspect, only current logs are displayed.

Figure 6: Filter icons

Filter icon

Filter in use

To filter log messages by column contents

1In the heading of the column that you want to filter, select the filter icon.

2Select Enable.

3If you want to exclude log messages with matching content in this column, select NOT.

If you want to include log messages with matching content in this column, deselect NOT.

4Enter the text that matching log messages must contain.

Matching log messages will be excluded or included in your view based upon whether you have selected or deselected NOT.

5Select OK.

A column’s filter icon is green when the filter is currently enabled. A Download Current View icon also appears, enabling you to download only log messages which meet the current filter criteria.

To disable a filter

1In the heading of the column whose filter you want to disable, select the filter icon. A column’s filter icon is green when the filter is currently enabled.

2To disable the filter on this column, deselect Enable.

Alternatively, to disable the filters on all columns, select Clear All Filters. This disables the filter; it does not delete any filter text you might have configured.

3Select OK.

A column’s filter icon is gray when the filter is currently disabled.

Filtering tips

When filtering by source or destination IP, you can use the following in the filtering criteria:

•a single address (2.2.2.2)

•an address range using a wild card (1.2.2.*)

•an address range (1.2.2.1-1.2.2.100)

You can also use a Boolean operator (or) to indicate mutually exclusive choices:

•1.1.1.1 or 2.2.2.2

•1.1.1.1 or 2.2.2.*

	FortiAnalyzer Version 3.0 MR7 Administration Guide
100	05-30007-0082-20080908

Image 100

Fortinet 3.0 MR7 manual Filtering tips, To filter log messages by column contents, To disable a filter

Contents

M I N I S T R a T I O N G U I D E Regulatory compliance TrademarksFCC Class a Part 15 CSA/CUS Contents Radius Server Administrator Settings Viewing session information Filtering session informationLog Receive Monitor Intrusion Activity Adding a routeDevice Content Archive 107Log Reports 113 Quarantine 131Alert 133 Network Analyzer 141Tools 157 Managing firmware versions 169Appendix FortiAnalyzer reports in 3.0 MR7 185 Index 213Introduction About this documentDescribes how to install and set up the FortiAnalyzer unit Fortinet documentationCustomer service and technical support Fortinet Tools and Documentation CDFortinet Knowledge Center Comments on Fortinet technical documentationCustomer service and technical support What’s new for 3.0 MR7 High-end FortiAnalyzer units support additionalFortiAnalyzerVersion 3.0 MR7 Administration Guide MR7 new features and changes Power supply monitoring for FortiAnlayzer-2000A and 4000ARegistered devices’ hard limits CLI displays the tasks in the upload queueReport configuration enhancements Config log settings Set custom-field1-5Custom fields for log messages ReportsAll other reports, for example VoIP reportsReportHeadquarters-2008-05-26-1030 Alert email configuration changes Administrative Domains ADOMs About administrative domains ADOMsAbout administrative domains ADOMs FortiAnalyzer Model Number of Administrative Domains Configuring ADOMs To enable ADOMsGo to System Admin Settings Enable Admin Domain Configuration Select OK Message appearsTo disable ADOMs Go to Global Configuration System Admin SettingsTo add or edit an Adom Select OK FortiAnalyzer unit logs you outAccessing ADOMs as the admin administrator Assigning administrators to an AdomTo access an Adom To assign an administrator to an AdomDashboard SystemSystem Information To rearrange a Dashboard widget Go to System Dashboard To refresh a Dashboard widget Go to System DashboardTabs To include a Dashboard widget Go to System DashboardTo omit a Dashboard widget Go to System Dashboard To add a tab Go to System DashboardDouble-click on the name of the tab and select the X symbol RAID MonitorEnter a new name and press Enter To delete a tab Go to System DashboardSystem Information Rebuilding iconSetting the time 05-30007-0082-20080908Changing the host name Changing the firmwareLicense Information To change the host name Go to System DashboardSystem Resources Viewing operational historyRVS Plug-ins Device License Memory UsageSystem Operation Formatting the log disksTo format the log disks Go to System Dashboard Systems Operations area, select Format Log Disks Select OKResetting to the default configuration Alert Message ConsoleViewing alert console messages To view alert console messages Go to System DashboardStatistics Viewing session informationSelect the delete icon ConnectionsFiltering session information Report EngineTo view the session information Go to System Dashboard Statistics area, next to Connections, select DetailsLog Receive Monitor TypeTop N PeriodVirus Activity Intrusion ActivityDisplay by Top FTP Traffic Virus Activity widgetTop Email Traffic Top Email Traffic, select EditTop IM/P2P Traffic Top IM/P2P Traffic, select Edit in the title bar areaTo edit information for Top Traffic Go to System Dashboard Top TrafficTop Traffic, select Edit in the title bar area Top Web Traffic Top Web Traffic, select EditNetwork InterfaceChanging interface settings AdministrativeStatus ModifyTo configure DNS settings Go to System Network DNS About Fortinet Discovery ProtocolRouting Enter an IP address for a primary and secondary DNS serverAdmin Select Create New Configure the following optionsAdding a route To add a static route Go to System Network RoutingAdding or editing an administrator account Changing an administrator’s password Access ProfileAccess Profile Admin DomainTo add a group Go to System Admin Auth Group Auth GroupNone Read OnlyAdministrator Settings To add a Radius server Go to System Admin Radius ServerSelect Create New Configure the following and select OK Radius ServerNetwork Sharing MonitorAdding share users To add a user account Go to System Network Sharing UserAdding share groups Configuring Windows sharesTo add a user group Go to System Network Sharing Group Assigning user permissions PermissionsConfiguring NFS shares Remote ClientsDefault file permissions on NFS shares ConfigAutomatic file deletion and local log settings FortiAnalyzer unit log settings Log Locally Log Level Allocated Disk Space MBConfiguring log aggregation FortiAnalyzer-400 FortiAnalyzer-800/800BFortiAnalyzer-2000/2000A FortiAnalyzer-4000/4000AConfiguring an aggregation client Configuring an aggregation serverConfiguring log forwarding To forward log events Go to System Config Log ForwardingConfiguring IP aliases To add an IP alias Go to System Config IP AliasTo edit an IP alias Go to System Config IP Alias To import the alias file Go to System Config IP AliasIP alias ranges Configuring RAIDRAID levels Linear RAIDHot swapping hard disks RAID 5 with hot spareFortiAnalyzer-400 disk drive configuration FortiAnalyzer-800/800B disk drive configurationFortiAnalyzer-2000/2000A disk drive configuration To swap a hard disk Go to System Config RAIDFortiAnalyzer-4000 disk drive configuration Configuring RAID on the FortiAnalyzer-400 As well as from System Config RAIDFortiAnalyzer-800/800B Level 1Configuring Ldap connections Size GBTo define an Ldap server query Go to System Config Ldap Select Create New. Complete the followingBackup & Restore MaintenanceBackup Back up the current configuration FortiGuard Center 10.10.1.108889 Update ScheduledEvery DailyMaintenance Device Viewing the device listAdd Device ShowUnregistered Device Options HardwareSecure Connection Disk Space MB Used/Allocated ActionMaximum number of devices To delete a device Go to Device All DeviceUnregistered vs. registered devices Configuring unregistered device connection attempt handling Or the following options for unknown device types Manually adding a device Device Name Device IDMode Member IDsWhen Allocated Disk Space is All Used Devices Privileges Group Membership FortiGate Interface SpecificationClassifying FortiGate network interfaces Configure the FortiGate device For more information, see Manually adding a device onOn the FortiAnalyzer unit, go to Device All To enable the FortiAnalyzer unit to reply to FDP packetsGo to System Network Blocking device connection attempts Hardware ModelTo block a device Go to Device All Device Configuring device groupsTo unblock a device Go to Device All Blocked Device To configure a device group Go to Device Group Device Group To delete a device group Go to Device Group Device GroupGroup Name MembersViewing log messages LogViewing current log messages Viewing historical log messages Settings ColumnTo view historical logs Go to Log Log Viewer Historical Browsing log filesImport Viewing log file contents Importing a log file To import a log file Go to Log BrowseDownloading a log file To download a whole log file Go to Log BrowseTo download a partial log file Go to Log Browse Convert to CSV format Compress with gzipSelect Download Current View Configure the following Customizing the log viewDisplaying and arranging log columns To display logs in Raw or Formatted viewTo display or hide columns Filtering logsTo change the order of the columns To disable a filter To filter log messages by column contentsFiltering tips Searching the logs 101Searching the logs FromTo search the logs Go to Log Search Search tips103 Printing the search results 192.168.* action=loginDownloading the search results To download log search results Go to Log Search Rolling and uploading logs105 Exceed Not exceededServer IP address Username107 108 Content Archive Viewing content archivesPrintable Version Delete associated content archive files View per page Page n of n Column SettingsTimeframe Customizing the content archive view 109Filter icons in the content logs 111 Searching full email content archives Last activity 113114 Configuring reports ReportsConfiguring report layout Name Enter a name for the report Description To configure a report layout Go to Report Config Layout115 Header Logo Title Page LogoCategory Editing charts in a report layout 117To edit a chart Maximum Entries Top N Time Scale AdvancedConfiguring report schedules To edit textTo edit section 119To configure a report schedule Go to Report Schedule Schedule NameReport layout Name ScheduleLog Data Filtering Data FilterTime Period 121Configuring data filter templates Data filter templatesSources Filter logic123 Destinations InterfacesPolicy IDs Day of the WeekConfiguring report output templates 125FTP/SFTP/SCP Server Action Output template127 Configuring language Nomatch=No matching log data for this report# Localization uses a Latin character set Comment is129 Languages FontSave the format file Language file error messages Error message Description131 Browsing reports 133 134 Quarantine Viewing quarantined filesQuarantined files for a specific device SeeService Date & TimeChecksum Status DescriptionAlert Events AlertTriggers Adding an alert event To add a new alert event Go to Alert Alert EventConfiguring alerts by email server OutputTo Email Address AddTesting the mail server configuration Configuring Snmp traps and alertsEnable Smtp Server137 Adding an Snmp server FortiAnalyzer Snmp supportFortinet MIB Administrator Accounts Fortinet MIB System TrapsFortinet MIB Logging Traps Fortinet MIB VPN TrapsConfiguring alerts by Syslog server Adding a Syslog serverRFC-1213 MIB RFC-2665 Ethernet-like MIBConfigure the following options, and select OK 141142 Config log settings Set enableanalyzer yes End Network AnalyzerExample network topology for Network Analyzer use Viewing current Network Analyzer log messages Viewing Network Analyzer log messages143 Protocol Protocol used when sending the traffic Message Viewing historical Network Analyzer log messagesViewing Network Analyzer log file contents Browsing Network Analyzer log filesResolve Service View n per page Page n of n Column Settings Printable Version Download Current ViewDownloading a Network Analyzer log file 147Customizing the Network Analyzer log view Displaying and arranging Network Analyzer log columnsFilter icons in Network Analyzer 149150 Searching the Network Analyzer logs KeywordsQuick Search Full SearchTo search the logs Go to Tools Network Analyzer Search Other172.20.120.127 tcp 153Rolling and uploading Network Analyzer logs Select the download options that you want, then select OKLog file should be rolled... even if size is not exceeded 155Select the protocol to use when uploading to the server Preparing for the vulnerability scan job Tools157 Preparing Windows target hosts 159 To enable NetBIOS Go to Start Control Panel Preparing Unix target hosts Viewing vulnerability scan modules161 Vulnerability Scan modules View modules with severity Details Configuring vulnerability scan jobs163 Job Name TargetRemote Authentication User Name Select Create New Complete the followingScan Targets Quick ScanEmail Attachment File outputEmail Body Viewing vulnerability scan reports 167End Time File ExplorerFormats File Explorer with Storage directory expanded 169170 Backing up your configuration Managing firmware versionsBacking up your configuration using the web-based manager Backing up your configuration using the CLITo back up your configuration file using the CLI Execute backup config filename addressip passwd171 Press any key to display configuration menu… Testing firmware before upgradingTo test the firmware image before upgrading Enter Tftp server address Enter Local AddressEnter firmware image file name image.out 173Upgrading using the web-based manager Upgrading your FortiAnalyzer unitUpgrading to FortiAnalyzer OnlyUpgrading using the CLI To upgrade to FortiAnalyzer 3.0 using the web-based managerTo upgrade to FortiAnalyzer 3.0 using the CLI Execute restore image namestr tftpip4Verifying the upgrade Get system statusReverting to a previous firmware version Downgrading to FortiLogSelect OK Following message appears 177Downgrading to FortiLog 1.6 using the CLI To downgrade using the CLIExecute restore image tftp namestr tftpipv4 Execute restore image tftp image.out179 Restoring your configuration Restoring configuration settings on a FortiAnalyzer unitTo restore a firmware image to the FortiAnalyzer unit Execute rebootWhen this message appears Press any key to display configuration menuEnter File Name image.out 181Restoring your configuration settings using the CLI To restore configuration settings using the CLIExecute restore config namestr tftpipv4 passwrd Execute restore config confall 192.168.1.168 ghrffdt123183 184 FortiGate reports Appendix FortiAnalyzer reports in 3.0 MR7185 Intrusion Activity reports MR6 reports MR7 reports Antivirus ActivityAntivirus Activity reports MR6 reports MR7 reports Antivirus Activity reports 187Top Virus Destinations over POP3 WebFilter Activity reports MR6 reports MR7 reports Webfilter Activity189 WebFilter Activity reports Antispam ActivityAntispam Activity reports MR6 reports MR7 reports IM Activity Antispam Activity reportsIM reports MR6 reports MR7 reports 191IM reports VoIP reports MR7 reportsVoIP reports Content Activity193 Network Activity Content Activity reports MR6 reports MR7 reportsNetwork Activity reports MR6 reports MR7 reports Network Activity reports Web Activity195 FTP Activity Mail ActivityReport, Top Mail Servers Connections remains unchanged Terminal Activity VPN ActivityFTP Activity reports Terminal Activity reports MR6 reports MR7 reportsVPN Activity reports MR6 reports MR7 reports Event ActivityEvent Activity reports MR6 reports MR7 reports P2P Activity Report, Top Event Categories by Status, was removedEvent Activity reports P2P Activity reports MR6 reports MR7 reportsAudit Activity P2P Activity reportsSummary Reports 201Forensic Reports AuditDetailed Report, Top Client Requests to Permitted Sites, was removedFortiMail Reports SummaryMail High Level 203Mail High Level reports Mail Sender reports MR6 reports MR7 reports Mail Sender205 Mail Recipient Activity Mail Destination IPMail Sender reports Mail Recipient Activity reports MR6 reports MR7 reportsSpam Sender Mail Destination IP reports MR6 reports MR7 reportsSpam Sender reports MR6 reports MR7 reports 207Spam Sender reports Spam RecipientSpam Recipient reports MR6 reports MR7 reports Spam Destination IP Virus SenderSpam Recipient reports Spam Destination IP reports MR6 reports MR7 reportsVirus Sender reports MR6 reports MR7 reports Virus Recipient Virus Sender reportsVirus Recipient reports MR6 reports MR7 reports 211FortiClient Reports Virus Destination IPIndex 213FDN FTP 215Mail server 135 Main Menu 20 managing firmware RFC 217See also protocol test 219 Index FortiAnalyzer Version 3.0 MR7 Administration Guide