FortiAnalyzer Version 3.0 MR7 Administration Guide
152 05-30007-0082-20080908
Searching the Network Analyzer logs
To search the logs
1 Go to Tools > Network Analyzer > Search.
2 From Date, select Any time to search log messages from all time periods, select a
predefined time period, or select Specify and then define the starting and ending
time of your custom time period.
3 In Keyword(s), enter your search criteria.
4 If you want to specify additional match or filter criteria, select More Options to
expand that area, then configure those options.
5 Select Quick Search or Full Search.
Time required to retrieve search results varies by the complexity of the search
query, the amount of log data being searched, and whether you select Quick
Search or Full Search.
Search tips
If your search does not return the results you expect, but log messages exist that
should contain matching text, check your keywords and filter criteria against the
following search characteristics and recommendations.
• Separate multiple keywords with a space (arp who-has 1.1.1.1).
• Keywords cannot contain unsupported special characters. The set of supported
characters depends on whether you select Quick Search or Full Search.
• Keywords must literally match the log message text; the only exceptions are case
insensitivity and wild cards. Resolved host names and IP aliases are not searched
and will not match text that the log records as an IP address.
• Some keywords will not match unless you include both the log field name and
its value, surrounded by quotes (“Ack=2959769124”); searching for the value alone
may return nothing.
• Remove unnecessary keywords and search filters, because each one can exclude results.
• For a log message to be included in the search results, all keywords must match;
if any one of your keywords does not exist in the message, the match fails and the
message does not appear in the search results.
• You can use the asterisk (*) character as a wild card (192.168.2.*). For
example, enter the beginning of a term or IP address followed by * to match all
terms that begin with those characters or numbers.
More Options: Select the blue arrow to hide or expand the additional search options.
Other: Specify additional criteria, if any, that further restrict the search.
• Source IP: Enter an IP address to include only log messages containing a
matching source IP address. For example, entering 192.168.2.1 causes the search
results to include only log messages containing src=192.168.2.1.
• Destination IP: Enter an IP address to include only log messages containing a
matching destination IP address. For example, entering 192.168.2.1 causes the
search results to include only log messages containing dst=192.168.2.1.
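The search tips and the Source IP / Destination IP options above describe a set of matching rules (whitespace-separated keywords that are ANDed together, case-insensitive literal matching against whole terms of the raw log text, * as the only wild card, quoted field=value keywords, and src=/dst= field filters). The following Python model is an added example written for this page; it is not FortiAnalyzer code and does not reproduce the product's actual search engine. The semantics are inferred from the tips above (in particular, that a keyword must match a whole term, which is why "Ack=2959769124" matches but the bare value does not), and the log lines and the host name gateway.example.net are constructed for illustration.

```python
import re

# Constructed sample Network Analyzer log lines (illustrative, not captured
# from a FortiAnalyzer unit); field names mirror the src=/dst=/Ack= forms
# quoted in the guide.
SAMPLE_LOGS = [
    "12:00:01.113 arp who-has 192.168.2.1 tell 192.168.2.44",
    "12:00:01.201 IP src=192.168.2.44 dst=192.168.2.1 TCP Flags [S] Seq=2959769123",
    "12:00:01.203 IP src=192.168.2.1 dst=192.168.2.44 TCP Flags [S.] Ack=2959769124",
    "12:00:02.990 IP src=10.0.0.7 dst=192.168.2.1 UDP len=52",
    "12:00:03.100 IP src=192.168.2.10 dst=192.168.2.1 ICMP echo request",
]

# A double-quoted phrase (straight or curly quotes, as in the printed guide)
# stays one keyword; everything else splits on whitespace.
_TOKEN_RE = re.compile(r'"([^"]*)"|\u201c([^\u201d]*)\u201d|(\S+)')


def tokenize(query):
    """Split a search box string into keywords, keeping quoted phrases intact."""
    return [a or b or c for a, b, c in _TOKEN_RE.findall(query) if (a or b or c)]


def keyword_regex(keyword):
    """Assumed rule from the tips: a keyword must literally match a whole
    whitespace-delimited term of the raw log text, case-insensitively;
    '*' is the only wild card and matches any run of non-space characters."""
    pattern = r"\S*".join(re.escape(part) for part in keyword.split("*"))
    return re.compile(r"(?<!\S)" + pattern + r"(?!\S)", re.IGNORECASE)


def ip_filter_regex(field, ip):
    """Source IP / Destination IP options match the literal field text
    (src=... or dst=...). Term boundaries stop 192.168.2.1 from also
    matching 192.168.2.10, which a plain substring test would do."""
    return re.compile(r"(?<!\S)" + re.escape(f"{field}={ip}") + r"(?!\S)")


def matches(line, query, src=None, dst=None):
    """True only if every keyword and every IP filter matches this message."""
    for keyword in tokenize(query):
        if not keyword_regex(keyword).search(line):
            return False  # any single non-matching keyword excludes the message
    if src is not None and not ip_filter_regex("src", src).search(line):
        return False
    if dst is not None and not ip_filter_regex("dst", dst).search(line):
        return False
    return True


def search(logs, query="", src=None, dst=None):
    """Return the log lines that satisfy the keywords and IP filters."""
    return [line for line in logs if matches(line, query, src, dst)]


if __name__ == "__main__":
    demos = [
        ("arp who-has 192.168.2.1", {}),        # all three keywords present
        ("arp who-has 192.168.2.1 tcp", {}),    # extra keyword excludes the match
        ("2959769124", {}),                     # bare value: the term is Ack=2959769124
        ('"ack=2959769124"', {}),               # field=value in quotes, case-insensitive
        ("gateway.example.net", {}),            # resolved name never appears in raw text
        ("192.168.2.*", {}),                    # wild card matches whole terms only
        ("dst=192.168.2.*", {}),                # include the field name to match inside it
        ("", {"src": "192.168.2.1"}),           # Source IP option
        ("TCP", {"dst": "192.168.2.1"}),        # keyword AND Destination IP option
    ]
    for query, opts in demos:
        hits = search(SAMPLE_LOGS, query, **opts)
        print(f"{query!r} {opts}: {len(hits)} result(s)")
        for hit in hits:
            print("   ", hit)
```

Running the demo shows the behaviour each tip warns about: adding one absent keyword drops the message, the bare value 2959769124 finds nothing while Ack=2959769124 (in any letter case) finds it, the host name finds nothing, 192.168.2.* matches only free-standing address terms, and a Source IP filter of 192.168.2.1 does not pull in the src=192.168.2.10 line.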