Network Analyzer

Searching the Network Analyzer logs

You can search for IP ranges, including subnets. For example:

172.168.1.1/24 or 172.168.1.1/255.255.255.0 matches all IP addresses in the subnet 172.168.1.1/255.255.255.0

172.168.1.1-140.255 matches all IP addresses from 172.168.1.1 to 172.168.140.255

The search returns results that match all of the search terms.

For example, consider two similar keyword entries: 172.20.120.127 tcp and 172.20.120.127 udp. If you enter the keywords 172.20.120.127 tcp, UDP traffic would not be included in the search results, since although the first keyword (the IP address) matches, the second keyword, tcp, does not match.

The search returns results that match all, any, or none of the search terms, according to the option you select in Match.

For example, if you enter into Keyword(s):

172.20.120.127 tcp

and if from Match you select All Words, log messages for UDP traffic to 172.20.120.127 do not appear in the search results, since although the first keyword (the IP address) appears in log messages, the second keyword (the protocol) does not match UDP log messages, and so the match fails for UDP log messages. If the match fails, the log message is not included in the search results.
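The range syntaxes and the Match options described above can be modelled as follows; this is an added example, not FortiAnalyzer code. It assumes keywords are compared case-insensitively against whitespace-separated fields, and the sample messages and the names parse_range, term_matches and search are constructed for illustration.

```python
import ipaddress

# Constructed sample messages (not the real Network Analyzer log format):
# time, source, destination, protocol, destination port.
LOGS = [
    "10:00:01 10.0.0.5 172.20.120.127 tcp 80",
    "10:00:02 10.0.0.5 172.20.120.127 udp 53",
    "10:00:03 10.0.0.9 172.168.1.77 tcp 443",
    "10:00:04 10.0.0.9 172.168.90.3 udp 123",
]

def parse_range(term):
    """Return (first, last) IPv4 addresses for an address or range term, else None."""
    try:
        if "/" in term:  # 172.168.1.1/24 or 172.168.1.1/255.255.255.0
            net = ipaddress.IPv4Network(term, strict=False)
            return net[0], net[-1]
        if "-" in term:  # 172.168.1.1-140.255: the tail replaces the last octets
            start, tail = term.split("-", 1)
            tail_octets = tail.split(".")
            head = start.split(".")[:4 - len(tail_octets)]
            end = ".".join(head + tail_octets)
            return ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
        addr = ipaddress.IPv4Address(term)
        return addr, addr
    except ValueError:
        return None  # not an IP term; treat it as a plain keyword

def term_matches(term, message):
    """True if any whitespace-separated field of message satisfies the term."""
    fields = message.split()
    bounds = parse_range(term)
    if bounds is None:
        return term.lower() in (f.lower() for f in fields)
    first, last = bounds
    for field in fields:
        try:
            if first <= ipaddress.IPv4Address(field) <= last:
                return True
        except ValueError:
            continue  # field is not an IPv4 address
    return False

def search(keywords, messages, match="all"):
    """Filter messages by keywords; match is 'all', 'any' or 'none'."""
    terms = keywords.split()
    combine = {"all": all, "any": any, "none": lambda h: not any(h)}[match]
    return [m for m in messages if combine(term_matches(t, m) for t in terms)]
```

With these sample messages, `search("172.20.120.127 tcp", LOGS, "all")` returns only the TCP message to 172.20.120.127, while `"any"` also returns the UDP message to that address and the unrelated TCP message.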

Printing the search results

After completing a search, a Printable Version button appears, allowing you to download a printable HTML copy of the search results.

Select the Printable Version button to download the results. You can print this file, save it to your computer for later use, or email it.

Downloading the search results

The FortiAnalyzer unit enables you to download the results of a search.

After completing a search, a Download Current View button appears. Select the button to download the results.

Search results can be saved in comma-separated value (.csv) format or in standard log (.log) format.

Note: Large logs require more time to download. Download times can be improved by selecting Compress with gzip.

To download log search results

1 Go to Tools > Network Analyzer > Search.

2 Perform a search using either basic or advanced search.

If your search finds one or more matching log events, a Download Current View button appears next to the Printable Version button.

3 Select Download Current View.

Options appear for the download’s file format and compression.

FortiAnalyzer Version 3.0 MR7 Administration Guide

 

05-30007-0082-20080908
