Fortinet 3.0 MR7 Network Card User Manual

Log: Searching the logs
FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908 103
To search the logs
1 Go to Log > Search.
2 From Device/Group, select which device or device group's logs you want to search.
3 From Date, select Any time to search log messages from all time periods, select a predefined time period, or select Specify and then define the starting and ending time of your custom time period.
4 In Keyword(s), enter your search criteria.
5 If you want to specify additional match or filter criteria, select More Options to expand that area, then configure those options.
6 Select Quick Search or Full Search.

Time required to retrieve search results varies by the complexity of the search query, the amount of log data being searched, and whether you select Quick Search or Full Search.

When the search results display, you can view the log messages in either Format or Raw formats.
Search tips
If your search does not return the results you expect, but log messages exist that should contain matching text, examine your keywords and filter criteria using the following search characteristics and recommendations.
• Separate multiple keywords with a space (type=webfilter subtype=activexfilter).
• Keywords cannot contain unsupported special characters. Supported characters vary by selection of Quick Search or Full Search.
• Keywords must literally match log message text, with the exception of case insensitivity and wild cards; resolved names and IP aliases will not match.
• Destination IP: Enter an IP address to include only log messages containing a matching destination IP address. For example, entering 192.168.2.1 would cause search results to include only log messages containing dst=192.168.2.1 and/or content log messages containing a server IP address of 192.168.2.1.
• User Name: Enter a user name to include only log messages containing a matching authenticated firewall user name. For example, entering userA would cause search results to include only log messages containing user="userA".
• Group Name: Enter a group name to include only log messages containing a matching authenticated firewall group name. For example, entering groupA would cause search results to include only log messages containing group="groupA".
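The keyword and filter behaviour described in the search tips and in the Destination IP, User Name and Group Name fields above, shown as an added illustration that is not FortiAnalyzer code: a small Python matcher run over constructed FortiGate-style key=value log messages. It assumes that the wildcard character is `*` and matches any characters within a single key=value token, that a filter field compares the parsed field value exactly, and that keywords are matched literally and case-insensitively against the raw message text; the sample log lines and every value in them are constructed for this example.

```python
import re

# Constructed FortiGate-style key=value log messages (sample data, not taken from the guide).
SAMPLE_LOGS = [
    'date=2008-09-08 time=10:01:02 type=webfilter subtype=activexfilter '
    'src=10.0.0.5 dst=192.168.2.1 user="userA" group="groupA" msg="ActiveX control blocked"',
    'date=2008-09-08 time=10:02:30 type=webfilter subtype=urlfilter '
    'src=10.0.0.6 dst=192.168.2.20 user="userB" group="groupA" msg="URL blocked"',
    'date=2008-09-08 time=10:03:11 type=traffic subtype=allowed '
    'src=10.0.0.7 dst=192.168.2.1 user="UserA" group="groupB"',
    'date=2008-09-08 time=10:04:45 type=event subtype=admin user="admin" msg="Login successful"',
]

# One field: key=value, where value is either a double-quoted string (may contain spaces)
# or a run of non-space characters.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_log(line):
    """Split one key=value log message into a dict; quoted values lose their quotes."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def keyword_to_regex(keyword):
    """Build a literal, case-insensitive pattern for one keyword.

    Assumption: '*' is the wildcard and matches any characters within a single
    token, so 'subtype=*filter' matches 'subtype=activexfilter' but cannot
    run across a space into a later field.
    """
    pattern = r'\S*'.join(re.escape(part) for part in keyword.split('*'))
    return re.compile(pattern, re.IGNORECASE)


def search_logs(lines, keywords='', dst=None, user=None, group=None):
    """Return the lines that match every space-separated keyword and every set filter.

    Keywords are matched against the raw message text, so only what is literally
    written in the log can match: a resolved host name or an IP alias that does
    not appear in the message text returns nothing. Filters compare the parsed
    field value exactly (assumed behaviour for this illustration).
    """
    patterns = [keyword_to_regex(k) for k in keywords.split()]
    filters = {'dst': dst, 'user': user, 'group': group}
    results = []
    for line in lines:
        # every keyword must be found somewhere in the raw line
        if not all(p.search(line) for p in patterns):
            continue
        fields = parse_log(line)
        # every filter that was set must equal the parsed field value
        if any(want is not None and fields.get(key) != want
               for key, want in filters.items()):
            continue
        results.append(line)
    return results


if __name__ == '__main__':
    print(search_logs(SAMPLE_LOGS, 'type=webfilter subtype=activexfilter'))  # the first line only
    print(search_logs(SAMPLE_LOGS, 'subtype=*filter'))                        # wildcard: first two lines
    print(search_logs(SAMPLE_LOGS, 'fileserver'))                             # []: resolved names never match
    print(search_logs(SAMPLE_LOGS, dst='192.168.2.1'))                        # first and third lines
```

The `fileserver` query is the case the search tips warn about: the analyzer has only `dst=192.168.2.1` in the message text, so a name the reader knows for that host matches nothing. Contrast the keyword `user="usera"`, which matches both `user="userA"` and `user="UserA"` because keyword matching is case-insensitive, with the User Name filter `userA`, which under the exact-value assumption returns only the first line.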