Filter
Top Products
FortiAnalyzer Version 3.0 MR7 Administration Guide
104 05-30007-0082-20080908
Searching the logs Log
• Some keywords will not match unless you include both the log field name and
its value (type=webfilter).
• Remove unnecessary keywords and search filters which can exclude results.
In More Options, if All Words is selected, for a log message to be included in
the search results, all keywords must match; if any of your keywords do not
exist in the message, the match will fail and the message will not appear in
search results. If you cannot remove some keywords, select Any Words.
• You can use the asterisk (*) character as a wild card (192.168.2.*). For
example, you could enter any partial term or IP address, then enter * to match
all terms that have identical beginning characters or numbers.
• You can search for IP ranges, including subnets. For example:
• 172.168.1.1/24 or 172.168.1.1/255.255.255.0 matches all IP
addresses in the subnet 172.168.1.1/255.255.255.0
• 172.168.1.1-140.255 matches all IP addresses from 172.168.1.1 to
172.168.140.255
• You can search for URLs in multiple ways, using part or all of the URL.
Searching for the full URL may not return enough results if the URL contains
random substrings, such as session IDs. If your search keywords do not return
enough results, try one of the following:
• Full Search
• shortening your keyword to the smallest necessary substring of the URL
• shortening your keyword to a substring of the URL delimited by slash (/)
characters
• The search returns results that match all, any, or none of the search terms,
according to the option you select in Match.
For example, if you enter into Keyword(s):
192.168.* action=login
and if from Match you select All Words, log messages for attacks on 192.168.*
by W32/Stration.DU@mm do not appear in the search results, since although
the first keyword (the IP address) appears in attack log messages, the second
keyword (the name of the attack) does not appear, and so the match fails. If the
match fails, the log message is not included in the search results.
Printing the search results
After completing a search, a Printable Version button appears, allowing you to
download a printable HTML copy of the search results. You can print this file, or
save it to your computer for later use.
To download the results, select Printable Version.
Downloading the search results
After completing a search, a Download Current View button appears, allowing you
to download a log file reflecting the search results. Search results can be saved in
comma-separated value (.csv) format or in standard log (.log) format.