
Fortinet FortiAnalyzer-100A User Manual

162 pages
FortiAnalyzer Version 3.0 MR3 Administration Guide
86 05-30003-0082-20060925
Log rolling Logs
Search tips
The FortiAnalyzer search feature includes a robust search index that enables you
to find any information by including specific information in your search criteria.
Consider the following when searching the logs:
- The search is case-insensitive.
- Use the “*” character as a wild card. For any partial term or IP address, enter
  as much as you can and use the “*” to search all terms related to what you
  entered.
- To find how often an IP address is attacked, enter the IP and the attack type.
  For example, 10.10.10.1 slammer. Or, to see how often a user logs into the
  FortiGate unit, enter 10.10.10.1 login.
- You can search for IP ranges, including subnets. For example:
  - 172.20.110.0-255 matches all IP addresses in the
    172.20.110.0/255.255.255.0 or 172.20.110.0/24 subnet
  - 172.20.110.0-140.255 matches all IP addresses from 172.20.110.0 to
    172.20.140.255
  - 172.16.0.0-20.255.255 matches all IP addresses from 172.16.0.0 to
    172.20.255.255
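Added example (not from the Fortinet manual or from FortiAnalyzer itself): a Python sketch of how the range notation above can be read, useful for checking which addresses a search range covers before relying on its results. It assumes, based only on the three examples given, that the octets after the hyphen replace the same number of trailing octets of the start address; the function names are hypothetical.

```python
import ipaddress


def parse_range(expr):
    """Return (first, last) addresses for 'A.B.C.D-x[.y[.z[.w]]]' notation.

    Assumption inferred from the manual's examples: the octets after the
    hyphen overwrite the last N octets of the start address.
    """
    start_txt, sep, tail_txt = expr.strip().partition("-")
    first = ipaddress.IPv4Address(start_txt)
    if not sep:
        return first, first  # a single address is a range of one
    head = start_txt.split(".")
    tail = tail_txt.split(".")
    if not 1 <= len(tail) <= 4 or not all(t.isdigit() for t in tail):
        raise ValueError(f"bad range tail: {tail_txt!r}")
    last = ipaddress.IPv4Address(".".join(head[: 4 - len(tail)] + tail))
    if last < first:
        raise ValueError(f"range ends before it starts: {expr!r}")
    return first, last


def in_range(expr, addr):
    """True if addr falls inside the range written as expr."""
    first, last = parse_range(expr)
    return first <= ipaddress.IPv4Address(addr) <= last


def as_cidrs(expr):
    """Express the range as the minimal list of CIDR blocks."""
    first, last = parse_range(expr)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


if __name__ == "__main__":
    # The three ranges are the ones shown in the search tips.
    for rng in ("172.20.110.0-255",
                "172.20.110.0-140.255",
                "172.16.0.0-20.255.255"):
        first, last = parse_range(rng)
        print(f"{rng:24} {first} .. {last}  {as_cidrs(rng)}")
```
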
Printing the search results
The FortiAnalyzer unit enables you to produce a hard copy of the results of a
search, which you can email, save to a local hard disk or print.
After completing a search, the results include a Printable Version link. Select the
link to create an HTML version of the results.
Log rolling
Log rolling is a way to control the log file size and manage the FortiAnalyzer. You
can configure the frequency of the log rolling and what to do with the log file when
rolled.
When a log file reaches its maximum size, the FortiAnalyzer unit saves the log
files with an incremental number, and starts a new log file with the same name.
For example, the current attack log is alog.log. Any subsequent saved logs appear
as alog.n.log, where n is the number of rolled logs.
To enable log rolling, go to Log > Config.
Note: Searches using characters will not include results from the Traffic logs. Traffic logs
include information for source and destination IP addresses and ports, which is strictly
numerical information.
For example, if you are searching on User1, you may get results for User1; however, none
of the results will include entries from the Traffic log. To get results from the Traffic log, you
must search on the IP address of User1. For example, 10.10.10.1.
