
Log

Searching the logs

• 1.1.1.1 or 2.2.2.1-2.2.2.10

Most column filters require that you enter the column’s entire contents to successfully match and filter contents; partial entries do not match the entire contents, and so will not create the intended column filter.

For example, if the column contains a source or destination IP address (such as 192.168.2.5), enter the entire IP address to create a column filter that matches it. If you enter only one octet of the IP address (such as 192), the filter will not completely match any of the full IP addresses, so the resulting filter omits all logs rather than including those logs whose IP address contains that octet.

Exceptions to this rule include columns that contain multiple words or long strings of text, such as messages or URLs. In those cases, you may be able to filter the column using a substring of the text contained by the column, rather than the entire text contained by the column.

Searching the logs

You can search the device log files for matching text using two search types: Quick Search and Full Search.

You can use Quick Search to find results more quickly if your search terms are relatively simple and you only need to search indexed log fields. Indexed log fields are those that appear with a filter icon when browsing the logs in column view; unindexed log fields do not contain a filter icon for the column or do not appear in column view, but do appear in the raw log view. Quick Search keywords cannot contain:

• special characters such as single or double quotes (' or ") or question marks (?)

• wild card characters (*), except for a single wild card as the last character of a keyword (logi*)

You can use Full Search if your search terms are more complex, and require the use of special characters or log fields not supported by Quick Search. Full Search performs an exhaustive search of all log fields, both indexed and unindexed, but is often slower than Quick Search.
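The column-filter matching rules (whole-value match for IP columns, including the single-address and address-range forms, substring match for free-text columns) and the Quick Search keyword restrictions described above, modelled in Python as an added example; this is not FortiAnalyzer code. The sample log records, the set of columns treated as free text and the handling of the dotted-quad range syntax are constructed assumptions.

```python
import ipaddress

# Constructed sample records (not taken from the manual). "msg" and "url" stand in
# for the free-text columns that the manual says may be filtered on a substring.
LOGS = [
    {"srcip": "192.168.2.5", "dstip": "2.2.2.4", "url": "http://example.test/login", "msg": "login failed"},
    {"srcip": "192.168.2.50", "dstip": "2.2.2.11", "url": "http://example.test/", "msg": "login ok"},
    {"srcip": "1.1.1.1", "dstip": "10.0.0.9", "url": "http://other.test/", "msg": "session close"},
]
SUBSTRING_COLUMNS = {"msg", "url"}        # assumption: which columns allow substring matches
QUICK_SEARCH_FORBIDDEN = set("'\"?")      # characters a Quick Search keyword may not contain

def _ip_int(value):
    """Integer form of a dotted-quad address, or None if `value` is not a complete address."""
    try:
        return int(ipaddress.IPv4Address(value))
    except ipaddress.AddressValueError:
        return None

def column_filter(logs, column, term):
    """Apply the column-filter rules: free-text columns match on a substring; every
    other column must match the entire cell, with IP columns also accepting a single
    address ('1.1.1.1') or an inclusive range ('2.2.2.1-2.2.2.10')."""
    if column in SUBSTRING_COLUMNS:
        return [r for r in logs if term in r[column]]
    lo_text, _, hi_text = term.partition("-")
    lo = _ip_int(lo_text)
    hi = _ip_int(hi_text) if hi_text else lo
    if lo is None or hi is None:
        # A partial address such as "192" is not a full IP, so it can only match a
        # whole cell verbatim; it never matches 192.168.2.5, so the filter returns nothing.
        return [r for r in logs if r[column] == term]
    def in_range(value):
        v = _ip_int(value)
        return v is not None and lo <= v <= hi
    return [r for r in logs if in_range(r[column])]

def quick_search_keyword_ok(keyword):
    """Quick Search keyword rules: no quotes or question marks, and a wildcard (*)
    only as the last character (so 'logi*' is accepted, 'lo*gi' is not)."""
    if not keyword or any(c in QUICK_SEARCH_FORBIDDEN for c in keyword):
        return False
    return "*" not in keyword[:-1]

if __name__ == "__main__":
    print(len(column_filter(LOGS, "srcip", "192.168.2.5")))       # 1: whole-value match only
    print(len(column_filter(LOGS, "srcip", "192")))               # 0: a lone octet matches nothing
    print(len(column_filter(LOGS, "dstip", "2.2.2.1-2.2.2.10")))  # 1: 2.2.2.4 is inside the range
    print(len(column_filter(LOGS, "msg", "login")))               # 2: substring match on a text column
```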

Figure 7: Log Search

FortiAnalyzer Version 3.0 MR7 Administration Guide


05-30007-0082-20080908

101