Fortinet 3.0 MR7 manual To search the logs Go to Tools Network Analyzer Search, Other

More Options Select the blue arrow to hide or expand additional search options.

To search the logs

1Go to Tools > Network Analyzer > Search.

2From Date, select Any time to search log messages from all time periods, select a predefined time period, or select Specify and then define the starting and ending time of your custom time period.

3In Keyword(s), enter your search criteria.

4If you want to specify additional match or filter criteria, select More Options to expand that area, then configure those options.

5Select Quick Search or Full Search.

Time required to retrieve search results varies by the complexity of the search query, the amount of log data being searched, and whether you select Quick Search or Full Search.

Search tips

If your search does not return the results you expect, but log messages exist that should contain matching text, examine your keywords and filter criteria using the following search characteristics and recommendations.

•Separate multiple keywords with a space (arp who-has 1.1.1.1).

•Keywords cannot contain unsupported special characters. Supported characters vary by selection of Quick Search or Full Search.

•Keywords must literally match log message text, with the exception of case insensitivity and wild cards; resolved names and IP aliases will not match.

•Some keywords will not match unless you include both the log field name and its value, surrounded by quotes (“Ack=2959769124”).

•Remove unnecessary keywords and search filters which can exclude results. For a log message to be included in the search results, all keywords must match; if any of your keywords does not exist in the message, the match will fail and the message will not appear in search results.

•You can use the asterisk (*) character as a wild card (192.168.2.*). For example, you could enter any partial term or IP address, and then enter * to match all terms that have identical beginning characters or numbers.