Log Searching the logs
FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908 101
1.1.1.1 or 2.2.2.1-2.2.2.10
Most column filters require that you enter the column’s entire contents to
successfully match and filter contents; partial entries do not match the entire
contents, and so will not create the intended column filter.
For example, if the column contains a source or destination IP address (such as
192.168.2.5), to create a column filter, enter the entire IP address to be
matched. If you enter only one octet of the IP address (such as 192), the filter will
not completely match any of the full IP addresses, and so the resulting filter would
omit all logs, rather than including those logs whose IP address contains that
octet.
Exceptions to this rule include columns that contain multiple words or long strings
of text, such as messages or URLs. In those cases, you may be able to filter the
column using a substring of the text contained by the column, rather than the
entire text contained by the column.
Searching the logs
You can search the device log files for matching text using two search types:
Quick Search and Full Search.
You can use Quick Search to find results more quickly if your search terms are
relatively simple and you only need to search indexed log fields. Indexed log fields
are those that appear with a filter icon when browsing the logs in column view;
unindexed log fields do not contain a filter icon for the column or do not appear in
column view, but do appear in the raw log view. Quick Search keywords cannot
contain:
• special characters such as single or double quotes (' or ") or question marks (?)
• wild card characters (*), except as the last character of a keyword (for example, logi*)
You can use Full Search if your search terms are more complex, and require the
use of special characters or log fields not supported by Quick Search. Full Search
performs an exhaustive search of all log fields, both indexed and unindexed, but is
often slower than Quick Search.
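The following Python model, added here as an illustration and not FortiAnalyzer code, shows the two behaviours described above: a column filter on an IP column matches only the whole value (so "192" omits every log while "192.168.2.5" matches), a filter on a message or URL column matches a substring, and a Quick Search keyword is rejected when it contains quotes, a question mark, or a wild card anywhere but at its end. The log records, field names and indexed-field list are constructed assumptions for the example.

```python
"""Model of FortiAnalyzer column-filter and Quick Search keyword rules.
Added illustration, not FortiAnalyzer code; field names and the set of
indexed fields are assumptions made for this example."""
import re

# Constructed sample log records (not real FortiAnalyzer output).
SAMPLE_LOGS = [
    {"srcip": "192.168.2.5", "dstip": "10.0.0.8",
     "msg": "login failed for user admin", "url": "http://example.test/login"},
    {"srcip": "192.168.2.50", "dstip": "10.0.0.9",
     "msg": "session closed", "url": "http://example.test/home"},
    {"srcip": "172.16.1.1", "dstip": "10.0.0.8",
     "msg": "login ok", "url": "http://example.test/login"},
]

# Columns holding long text: the guide says a substring may match there.
SUBSTRING_COLUMNS = {"msg", "url"}

def column_filter(logs, column, value):
    """Apply a column filter: whole-value match for columns such as IP
    addresses, substring match for long-text columns (msg, url)."""
    if column in SUBSTRING_COLUMNS:
        return [log for log in logs if value in log.get(column, "")]
    return [log for log in logs if log.get(column) == value]

# Quick Search keyword rules: no quotes or '?', and '*' only as the final
# character of a keyword (e.g. logi*).
_QUICK_KEYWORD = re.compile(r'^[^\'"?*]+\*?$')

def quick_search_keyword_ok(keyword):
    """True if Quick Search would accept this keyword."""
    return bool(_QUICK_KEYWORD.match(keyword))

def quick_search(logs, keyword, fields=("srcip", "dstip", "msg")):
    """Quick Search over the assumed indexed fields only. A trailing '*'
    matches any word starting with the stem; otherwise a whole word must
    equal the keyword. Rejected keywords raise ValueError."""
    if not quick_search_keyword_ok(keyword):
        raise ValueError(f"keyword not allowed in Quick Search: {keyword!r}")
    if keyword.endswith("*"):
        stem = keyword[:-1]
        matches = lambda word: word.startswith(stem)
    else:
        matches = lambda word: word == keyword
    return [log for log in logs
            if any(matches(w) for f in fields
                   for w in str(log.get(f, "")).split())]
```

A Full Search, by contrast, would also scan the unindexed "url" field here and accept the characters Quick Search rejects.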
Figure 7: Log Search