FortiAnalyzer Version 3.0 MR7 Administration Guide
100 05-30007-0082-20080908
Customizing the log view Log
Figure 6: Filter icons
To filter log messages by column contents
1 In the heading of the column that you want to filter, select the filter icon.
2 Select Enable.
3 If you want to exclude log messages with matching content in this column, select
NOT.
If you want to include log messages with matching content in this column,
deselect NOT.
4 Enter the text that matching log messages must contain.
Matching log messages will be excluded or included in your view based upon
whether you have selected or deselected NOT.
5 Select OK.
A column’s filter icon is green when the filter is currently enabled. A Download
Current View icon also appears, enabling you to download only log messages
which meet the current filter criteria.
To disable a filter
1 In the heading of the column whose filter you want to disable, select the filter icon.
A column’s filter icon is green when the filter is currently enabled.
2 To disable the filter on this column, deselect Enable.
Alternatively, to disable the filters on all columns, select Clear All Filters. This
disables the filter; it does not delete any filter text you might have configured.
3 Select OK.
A column’s filter icon is gray when the filter is currently disabled.
Filtering tips
When filtering by source or destination IP, you can use the following in the filtering
criteria:
• a single address (2.2.2.2)
• an address range using a wild card (1.2.2.*)
• an address range (1.2.2.1-1.2.2.100)
You can also use a Boolean operator (or) to indicate mutually exclusive choices:
• 1.1.1.1 or 2.2.2.2
• 1.1.1.1 or 2.2.2.*
Note: Filters do not appear in Raw view, or for unindexed log fields in Formatted view.
When viewing real-time logs, you cannot filter on the time column: by definition of the real-
time aspect, only current logs are displayed.
Filter icon Filter in use
To Next Page
Loading...