Searching the logs

Log

Device/Group Select to search logs from the FortiAnalyzer unit (LocalLogs), a device, or a device group.

Date Select to search logs from a time frame, or select Specify and define a custom time frame by selecting the From and To date and times.

From Enter the date and select the time of the beginning of the custom time range. This option appears only when Date is Specify.

To Enter the date and select the time of the end of the custom time range. This option appears only when Date is Specify.

Keyword(s) Enter the search terms that log messages must match to appear in the search results. To specify whether results must include all, any, or none of the keywords, select the corresponding option in Match.

Quick Search Select to perform a Quick Search. Keywords for a Quick Search cannot contain special characters. Quick Search examines only indexed fields.

Full Search Select to perform a Full Search. Keywords for a Full Search may contain special characters. Full Search examines all log message fields.

More Options Select the blue arrow to hide or expand additional search options.

Match Select how the keywords are matched against log messages to determine which messages appear in the search results.

• All Words: Select to require that matching log messages must contain all search keywords. If a log message does not contain one or more keywords, it will not be included in the search results.

• Any Words: Select to require that matching log messages must contain at least one of the search keywords. Any log message containing one or more keyword matches will be included in the search results.

• Does Not Contain the Words: Select to require that matching log messages must not contain the search keywords. If a log message contains any of the search keywords, it will be excluded from the search results.

Other Filters Specify additional criteria, if any, to further restrict the search results.

• Log Type: Select to include only log messages of the specified type. For example, selecting Traffic would cause search results to include only log messages containing type=traffic.

• Log Severity: Select to include only log messages of the specified severity. For example, selecting Notice would cause search results to include only log messages containing pri=notice.

• Source IP: Enter an IP address to include only log messages containing a matching source IP address. For example, entering 192.168.2.1 would cause search results to include only log messages containing src=192.168.2.1 and/or content log messages containing a client IP address of 192.168.2.1.
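To make the Match modes and the Other Filters concrete, the following Python is an added example (not Fortinet's code) that applies the same semantics to constructed FortiGate-style key=value log lines. The field names type, pri and src come from the table above; the sample lines and the function names are made up for the example.

```python
import re

# Constructed sample lines in FortiGate key=value log format (not real data).
SAMPLE_LOGS = [
    'date=2008-09-08 time=10:01:02 type=traffic pri=notice src=192.168.2.1 dst=10.0.0.5 action=accept msg="traffic allowed"',
    'date=2008-09-08 time=10:01:05 type=traffic pri=warning src=192.168.2.17 dst=10.0.0.5 action=deny msg="traffic denied"',
    'date=2008-09-08 time=10:02:10 type=event pri=notice src=192.168.2.1 action=login msg="admin login failed"',
    'date=2008-09-08 time=10:02:15 type=attack pri=alert src=192.168.2.1 dst=10.0.0.9 msg="signature matched"',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fields(line):
    """Split a key=value log line into a dict; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def keywords_match(line, keywords, mode):
    """Apply the Match option: 'all' words, 'any' words, or 'none' (Does Not Contain the Words)."""
    text = line.lower()
    hits = [kw.lower() in text for kw in keywords]
    if mode == "all":
        return all(hits)          # every keyword must appear
    if mode == "any":
        return any(hits)          # at least one keyword must appear
    if mode == "none":
        return not any(hits)      # excluded if any keyword appears
    raise ValueError(f"unknown match mode: {mode}")


def search_logs(lines, keywords, mode="all", log_type=None, severity=None, source_ip=None):
    """Return the lines matching the keywords plus any Other Filters (type, pri, src)."""
    results = []
    for line in lines:
        if keywords and not keywords_match(line, keywords, mode):
            continue
        fields = parse_fields(line)
        # Filters compare whole field values, so 192.168.2.1 does not match src=192.168.2.17.
        if log_type and fields.get("type") != log_type:
            continue
        if severity and fields.get("pri") != severity:
            continue
        if source_ip and fields.get("src") != source_ip:
            continue
        results.append(line)
    return results
```

Keyword matching is a substring test over the whole line, while the filters match exact field values, which is why a Source IP filter is safer than typing the address as a keyword.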

FortiAnalyzer Version 3.0 MR7 Administration Guide


05-30007-0082-20080908
