Manuals / Fortinet / Computer Equipment / Network Card

Fortinet FortiLog-100, FortiLog-800 Log Search, Log watch Active mode, Show Up and Down arrows

Models: FortiLog-100 FortiLog-400 FortiLog-800

1 124

Download 124 pages 26.49 Kb

Page 78

Log Search	Using Logs

Log Search

Use the Log Search, to perform a simple search of all log files on the FortiLog unit. The FortiLog unit maintains a search history for future use. If you need to clean out a long search history, select Clear History.

To search the log files for specific information

1Go to File Browse > Log Search.

2Enter the keywords for the search and select Search. The search results appear below the search fields.

Log watch (Active mode)

Log watch enables you to monitor a device log as it is updated to the FortiLog unit.The

FortiLog unit refreshes the view of the device log for the selected interval.

Note: The feature is only available to active log files. That is, log files that are continually updated from a registered device.

To set log watching

1Go to File Browse > Logs.

2Select the device you wish to monitor from the device list.

3Select Watch in the Action column.

Figure 47: Log watch settings

4Select Column Settings to set the log information you want to view:

Refresh	Select an automatic refresh rate between zero (none) and 30 seconds.
	Select Refresh to manually refresh the screen.
Raw	Select to view the log information as it appears in the log. Select Formatted
	to return to the column view.

Show

Up and Down arrows

Select the columns of information you want to view in the log.

Select a row and select the up and down arrows to reposition the column within the display.

78

05-16000-0082-20050115

Fortinet Inc.

Image 78

Fortinet FortiLog-100, FortiLog-800 manual Log Search, Log watch Active mode, To set log watching Go to File Browse Logs

Contents

FortiLog-100 FortiLog-400 FortiLog-800 January 15, 2004Version 1.6 January 15 05-16000-0082-20050115 TrademarksRegulatory Compliance Table of Contents Config Network Managing the FortiLog unitReports 104 Setting folder and file properties103 110Introduction FortiLog-400 FortiLog-100 FortiLog-800Active Mode Operational ModesPassive Mode IntroductionExplains how to install and set up the FortiLog unit About this guideFortiLog documentation Explains how to configure VPNs using the web-based manager Related documentationFortiGate documentation FortiMail documentation FortiManager documentationFortiClient documentation Fortinet Knowledge CenterCustomer service and technical support Customer service and technical support Setting up the FortiLog unit Checking the package contentsHardware specifications Dimensions WeightFortiLog-100 2.5 kg FortiLog-400 11 kg FortiLog-80014 kg Environmental specifications Planning the installationPower requirements Air flowFortiLog unit Management PC Connecting the FortiLog unitConnecting the FortiLog unit To connect the FortiLog unit to the networkFactory defaults Administrator Configuring the FortiLog unitUsing the web-based manager To connect to the web-based managerTo configure the FortiLog unit using the CLI Using the command line interfaceTo configure the FortiLog unit using the web-based manager Set system interface port1 mode static ip IPaddress netmaskUsing the front panel buttons and LCD Set the primary DNS server IP addressSet system dns primary IPaddress Configuring the FortiLog unit Go to Log&Report Log Config Connecting to the FortiLog UnitConfiguring FortiGate unit running FortiOS Sending device logs to the FortiLog unitConfiguring FortiGate devices running FortiOS FortiGate 2.8 log settingsConfiguring FortiMail devices FortiGate 2.5 Log settingsGroups from this tab Adding a deviceTo add a device UnregisteredDefining device port interfaces Creating Device Groups To create a device group Go to System Devices GroupsManaging the FortiLog unit StatusStatus Refresh Operating ModeInterval AlertsChanging operating modes To change the operating mode in the CLIChanging the FortiLog host name Set system opmode activepassiveTo change the firmware using the web-based manager Viewing system resources informationChanging the firmware Execute restore image namestr tftpip Installing firmware from a system rebootTo change the firmware using the CLI Execute restore image FortiLog400-v120.outImmediately press any key to interrupt the system startup To install firmware from a system rebootPress any key to enter configuration menu Enter Local AddressFollowing message appears Testing a new firmware imageTo test a new firmware image before installing it Enter File Name image.outGet system status Installing a backup firmware imageSave as Default firmware/Run image without savingD/R You can test the new firmware image as requiredTo install a backup firmware image Type BSwitching to a backup firmware image Switching to the default firmware imageTo switch to the backup firmware image Execute reboot Backing up system settingsTo switch back to the default firmware image To backup up system settings Go to System Status StatusTo restore system settings Go to System Status Status Restoring system settingsRestore factory default system settings Restoring a FortiLog unitTo upload the firmware image to the FortiLog unit Press any key to begin downloadConfig NetworkConfig RAID Log to Host Log settingsConfig Policy PortCSV format Config PolicyLog policy Levels Description Generated byOptions AdminTime LanguageConfigure Administrator access Administrator account levels Administrator optionsDevices Active mode Changing the Administrator passwordTo add an administrator account Go to System Config Admin Device list Adding and registering a deviceEditing device information Alert Email ServerTo edit a device Go to System Devices Device Active mode LocalCreating a new device alert Attack Type Attack Type Entry and listing Level of wait intervalAlerts To add a device alert Go to System Alert Email DeviceVirus Type Network Sharing Defining IP aliasesWindow To set host alias names Go to Reports IP Aliases IP aliasesCreating and generating a report To create a report Go to Reports ConfigReports Select New and enter a name for the reportSet the following Configuring report parametersTo define report parameters Go to Reports Config Select Run nowResolve Service Names Ranked Reports show top Configuring a report queryTo set the report queries Go to Reports Config Select a report from the list Select QueriesSelecting the devices for the report To select the devices Go to Reports ConfigCreating a query profile To create a query profileSelect filtering options To set the filtering on a log report Go to Reports ConfigCreating a device profile To create a device profileCreating a filter profile Setting a report scheduleTo create a scheduled report Go to Reports Config To create a report filter profileSelect Schedule Select a day from the following Creating a report schedule profileChoosing the report destination and format To create a report schedule profileReports on demand To generate a report on demand Go to Reports ConfigCreating a report destination and format profile To create a pre-defined output selectionViewing reports To view a generated report Go to File Browse ReportsRoll up report Individual reportsTo create a report Go to Reports Config Vulnerability Vulnerability reportsCreating and generating a report Per device Resolve Host Names Resolve Service Names Selecting report result parametersSelecting plug-ins Selecting the scan targets for the report To select the plug-ins Go to Reports Config VulnerabilitiesCreating a plug-in profile To create a plug-in profileCreating a scan target profile To add additional devicesTo create a scan target profile Email list FileBrowse/Reports hard disk As an email attachmentViewing the vulnerability report Select the report name from the list of completed reportsUsing Logs Log view interface Viewing logsSelect the column header to change the sort order between Finding log informationTo view the device log files Go to File Browse Logs Ascending and descending orderBasic log filter To import a log file Go to File Browse Logs Importing log filesAlert level Match Up and Down arrowsTo set log watching Go to File Browse Logs Log watch Active modeLog Search Show Up and Down arrowsEvent correlation Active mode Sort listEvent correlation Active mode Using the FortiLog unit as a NAS Connecting to the FortiLog file systemSelecting a file sharing protocol Providing access to the FortiLog hard diskSelect Enable for a file sharing protocol Adding and modifying user accountsTo add a user group Go to Network Sharing Groups Assigning access to foldersAdding and modifying group accounts Select Create NewWindows sharing configuration Modifying the user or group folder access NFS share configurationSetting folder and file properties To set file and folder permissions Go to File Browse FilesOwner FortiLog CLI reference CLI documentation conventionsFortiLog-800 login Connecting to the CLIConnecting to the FortiLog-800 console To connect to the FortiLog-800 consoleSetting administrative access for SSH or Telnet To use the CLI to configure SSH or Telnet accessWelcome To connect to the CLI using SSH Connecting to the FortiLog CLI using SSHConnecting to the FortiLog CLI using Telnet To connect to the CLI using TelnetCLI commands FortiLog CLI commands includeExecute branch Use get to display settings, logs, or system information Get command architectureGet branch Get report resolve Get log logsettingGet system admin Get report aliasesSet alertemail command architecture Use set to configure settings, logs, or system informationUse set alertemail to configure alert mails Set branchBelow String is the passwordNamestr is the user name Set alertmail local time 0.5 1.0 3.0 6.0CLI commands Set alertmail device enable add leveltimeSettings originate from a singe source IP Use set console to set console configuration Set consoleUse set log to configure log settings Set log command architectureSet log YY-MM-DD 100 101 102 Set NAS 103Set system Set report command architectureSet report 104105 106 107 Trusthoststr is trusted host IP address 1080.0 Netmaskstr is the netmask109 Unset branch 111 112 Web Activity Appendix a Log Report TypesNetwork Activity 113FTP Activity 115 Terminal ActivityMail Activity Mail activity reports record Email traffic and connectionsIntrusion Activity Antivirus ActivityWeb Filter Activity Mail Filter Activity 117Content Activity VPN Activity119 120 Index 121122 Index123 124