Fortinet 3.0 MR7 Network Card User Manual


 
Content Archive Customizing the content archive view
FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908 111
4 Enter the text that matching log messages must contain.
Matching log messages will be excluded or included in your view based upon
whether you have selected or deselected NOT.
5 Select OK.
A column’s filter icon is green when the filter is currently enabled.
To disable a filter
1 In the heading of the column whose filter you want to disable, select the filter icon.
A column’s filter icon is green when the filter is currently enabled.
2 To disable the filter on this column, deselect Enable.
Alternatively, to disable the filters on all columns, select Clear All Filters. This
disables the filter; it does not delete any filter text you might have configured.
3 Select OK.
A column’s filter icon is gray when the filter is currently disabled.
Filtering tips
When filtering by source or destination IP, you can use the following in the filtering
criteria:
• a single address (2.2.2.2)
• an address range using a wild card (1.2.2.*)
• an address range (1.2.2.1-1.2.2.100)
You can also use the Boolean operator “or” to indicate multiple alternative
matches:
• 1.1.1.1 or 2.2.2.2
• 1.1.1.1 or 2.2.2.*
• 1.1.1.1 or 2.2.2.1-2.2.2.10
Most column filters require that you enter the column’s entire contents to
successfully match and filter contents; partial entries do not match the entire
contents, and so will not create the intended column filter.
For example, if the column contains a source or destination IP address (such as
192.168.2.5), enter the entire IP address to be matched to create a column
filter. If you enter only one octet of the IP address (such as 192), the filter will
not completely match any of the full IP addresses, and so the resulting filter would
omit all logs, rather than including those logs whose IP address contains that
octet.
Exceptions to this rule include columns that contain multiple words or long strings
of text, such as messages or URLs. In those cases, you may be able to filter the
column using a substring of the text contained by the column, rather than the
entire text contained by the column.
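The IP filter criteria from these tips, as an added Python example (not FortiAnalyzer code and not part of the guide): it applies the same syntax to constructed log rows and shows why a partial entry such as 192 matches nothing. The function names, the sample rows, and the exact wildcard and range semantics (one * per octet, inclusive ranges) are assumptions.

```python
import ipaddress
import re

def _term_matches(term, ip):
    """Match one criterion (single address, wildcard or range) against a full IP."""
    if "-" in term:  # address range, assumed inclusive: 1.2.2.1-1.2.2.100
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in term.split("-", 1))
        return lo <= ipaddress.IPv4Address(ip) <= hi
    want, have = term.split("."), ip.split(".")
    if len(want) != 4:  # partial entry such as "192" cannot match a whole address
        return False
    # "*" is assumed to stand for exactly one octet
    return all(w == "*" or w == h for w, h in zip(want, have))

def ip_filter(expr, ip, negate=False):
    """Evaluate a filter such as '1.1.1.1 or 2.2.2.*'; negate models the NOT option."""
    terms = [t.strip() for t in re.split(r"\s+or\s+", expr.strip(), flags=re.I)]
    hit = any(_term_matches(t, ip) for t in terms if t)
    return hit != negate

def apply_filter(expr, rows, column="src", negate=False):
    """Return the rows whose IP column passes the filter."""
    return [r for r in rows if ip_filter(expr, r[column], negate)]

# Constructed sample rows, not taken from a real device.
SAMPLE_LOGS = [
    {"src": "1.1.1.1", "dst": "10.0.0.5"},
    {"src": "1.2.2.50", "dst": "10.0.0.5"},
    {"src": "2.2.2.7", "dst": "10.0.0.9"},
    {"src": "192.168.2.5", "dst": "10.0.0.9"},
]

if __name__ == "__main__":
    for expr in ("1.1.1.1 or 2.2.2.*", "1.2.2.1-1.2.2.100", "192.168.2.5", "192"):
        shown = [r["src"] for r in apply_filter(expr, SAMPLE_LOGS)]
        print(f"{expr!r:24} -> {shown}")
```

When a filtered view comes back empty during an investigation, check for a partial entry before concluding that no matching traffic was logged.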
Note: Filters do not appear in Raw view, or for unindexed log fields in Formatted view.
When viewing real-time logs, you cannot filter on the time column: by definition of the
real-time aspect, only current logs are displayed.