Fortinet 3.0 MR7 Network Card User Manual


 
Network Analyzer Searching the Network Analyzer logs
FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908 153
You can search for IP ranges, including subnets. For example:
172.168.1.1/24 or 172.168.1.1/255.255.255.0 matches all IP addresses in the subnet 172.168.1.1/255.255.255.0
172.168.1.1-140.255 matches all IP addresses from 172.168.1.1 to 172.168.140.255
The search returns results that match all of the search terms.
For example, consider two similar keyword entries: 172.20.120.127 tcp
and 172.20.120.127 udp. If you enter the keywords
172.20.120.127 tcp, UDP traffic would not be included in the search
results, since although the first keyword (the IP address) matches, the second
keyword, tcp, does not match.
The search returns results that match all, any, or none of the search terms,
according to the option you select in Match.
For example, if you enter into Keyword(s):
172.20.120.127 tcp
and if from Match you select All Words, log messages for UDP traffic to
172.20.120.127 do not appear in the search results, since although the first
keyword (the IP address) appears in log messages, the second keyword (the
protocol) does not match UDP log messages, and so the match fails for UDP
log messages. If the match fails, the log message is not included in the search
results.
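Added example, not part of the original guide and not FortiAnalyzer's own code: Python that applies the IP range syntax and the all/any/none Match behaviour described above to log lines, for instance to re-filter a downloaded .log file offline. The sample log lines are constructed; whole-token keyword matching and the mode names all, any and none are assumptions.

```python
import ipaddress
import re

IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_ip_term(term):
    """Return inclusive (low, high) integer bounds, or None for a plain keyword."""
    try:
        if "/" in term:
            # Prefix length or dotted netmask; strict=False tolerates host bits.
            net = ipaddress.ip_network(term, strict=False)
            return int(net.network_address), int(net.broadcast_address)
        if "-" in term:
            # 172.168.1.1-140.255: the suffix replaces the trailing octets.
            start, suffix = term.split("-", 1)
            head, tail = start.split("."), suffix.split(".")
            end = ".".join(head[:len(head) - len(tail)] + tail)
            low, high = (int(ipaddress.IPv4Address(a)) for a in (start, end))
            return (low, high) if low <= high else None
        addr = int(ipaddress.IPv4Address(term))
        return addr, addr
    except ValueError:
        return None

def term_matches(term, line):
    bounds = parse_ip_term(term)
    if bounds is None:  # keyword: case-insensitive whole-token match (assumption)
        return term.lower() in line.lower().split()
    for candidate in IP_RE.findall(line):
        try:
            if bounds[0] <= int(ipaddress.IPv4Address(candidate)) <= bounds[1]:
                return True
        except ValueError:
            continue  # e.g. 999.1.1.1 looks like an address but is not one
    return False

def search(lines, keywords, match="all"):
    """match is 'all', 'any' or 'none' (hypothetical names for the Match options)."""
    terms = keywords.split()
    decide = {"all": all, "any": any, "none": lambda hits: not any(hits)}[match]
    return [ln for ln in lines if decide([term_matches(t, ln) for t in terms])]

# Constructed sample log lines, not real FortiAnalyzer output.
SAMPLE = [
    "2008-09-08 10:00:01 10.0.0.5 172.20.120.127 tcp 443",
    "2008-09-08 10:00:02 10.0.0.5 172.20.120.127 udp 53",
    "2008-09-08 10:00:03 10.0.0.9 172.168.77.10 tcp 80",
    "2008-09-08 10:00:04 10.0.0.9 172.168.141.1 udp 123",
]
```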
Printing the search results
After completing a search, a Printable Version button appears, allowing you to
download a printable HTML copy of the search results.
Select the Printable Version button to download the results. You can print this file,
save it to your computer for later use, or email it.
Downloading the search results
The FortiAnalyzer unit enables you to download the results of a search.
After completing a search, a Download Current View button appears. Select the
button to download the results.
Search results can be saved in comma-separated value (.csv) format or in
standard log (.log) format.
To download log search results
1 Go to Tools > Network Analyzer > Search.
2 Perform a search using either basic or advanced search.
If your search finds one or more matching log events, a Download Current View
button appears next to the Printable Version button.
3 Select Download Current View.
Options appear for the download’s file format and compression.
Note: Large logs require more time to download. Download times can be improved by
selecting Compress with gzip.