Content archive Log rolling
FortiAnalyzer Version 3.0 MR3 Administration Guide
05-30003-0082-20060925 91
2 Select a column name.
3 Select the up and down arrows to change the position of the column in the list.
Filtering content logs
When looking at content logs for both real-time and historical, you can filter the
information to find specific information. Filters are available when you are viewing
historical data in the Content Viewer or when browsing content log files on the
FortiAnalyzer hard disk.
Figure 33: Filter icons in the Historical content logs
Each column of data includes a gray filter icon. Select the icon to filter the
contents of the column. Enter the information you are looking for in the field
provided and select OK.When a filter is applied to a column, the filter icon appears
green.
To turn off the filter, select the filter icon and select Reset Filter. When viewing
real-time logs, you cannot filter on the time column because the time will always
be the current time.
Filtering tip
When filtering by source or destination IP, you can use the following in the filtering
criteria:
• a single address (2.2.2.2)
• an address range using a wild card (1.2.2.*)
• an address range (1.2.2.1-1.2.2.100)
You can also use the boolean operator "or" to indicate multiple choices:
• 1.1.1.1 or 2.2.2.2
• 1.1.1.1 or 2.2.2.*
• 1.1.1.1 or 2.2.2.1-2.2.2.10
Log rolling
Log rolling is a way to control the content log file size and space used on the
FortiAnalyzer hard disk. You can configure the frequency of the log rolling and
what to do with the
content log file when rolled.
As the FortiAnalyzer unit receives log messages, it performs the following tasks:
• verifies whether the log file has exceeded its file size limit
• if the file size is not exceeded, checks to see if it is time to roll the log file
Note: You must be viewing the log contents in the formatted view to use the filters.
Filter icon
Filter in use
To Next Page
Loading...
Need help?
General