Fortinet 3.0 MR7 manual 150

3If you want to exclude log messages with matching content in this column, select NOT.

If you want to include log messages with matching content in this column, deselect NOT.

4Enter the text that matching log messages must contain.

Matching log messages will be excluded or included in your view based upon whether you have selected or deselected NOT.

5Select OK.

A column’s filter icon is green when the filter is currently enabled. A Download Current View icon also appears, enabling you to download only log messages which meet the current filter criteria.

To disable a filter

1In the heading of the column whose filter you want to disable, select the filter icon. A column’s filter icon is green when the filter is currently enabled.

2To disable the filter on this column, deselect Enable.

Alternatively, to disable the filters on all columns, select Clear All Filters. This disables the filter; it does not delete any filter text you might have configured.

3Select OK.

A column’s filter icon is gray when the filter is currently disabled.

Filtering tips

When filtering by source or destination IP, you can use the following in the filtering criteria:

•a single address (2.2.2.2)

•an address range using a wild card (1.2.2.*)

•an address range (1.2.2.1-1.2.2.100)

You can also use a Boolean operator (or) to indicate mutually exclusive choices:

•1.1.1.1 or 2.2.2.2

•1.1.1.1 or 2.2.2.*

•1.1.1.1 or 2.2.2.1-2.2.2.10

Most column filters require that you enter the column’s entire contents to successfully match and filter contents; partial entries do not match the entire contents, and so will not create the intended column filter.

For example, if the column contains a source or destination IP address (such as 192.168.2.5), to create a column filter, enter the entire IP address to be matched. If you enter only one octet of the IP address, (such as 192) the filter will not completely match any of the full IP addresses, and so the resulting filter would omit all logs, rather than including those logs whose IP address contains that octet.

Exceptions to this rule include columns that contain multiple words or long strings of text, such as messages or URLs. In those cases, you may be able to filter the column using a substring of the text contained by the column, rather than the entire text contained by the column.