Filtering tips – Fortinet FortiAnalyzer 3.0 MR7 User Manual

FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908
Customizing the log view
Log
Figure 6: Filter icons
To filter log messages by column contents
1. In the heading of the column that you want to filter, select the filter icon.
2. Select Enable.
3. If you want to exclude log messages with matching content in this column, select NOT. If you want to include log messages with matching content in this column, deselect NOT.
4. Enter the text that matching log messages must contain. Matching log messages will be excluded or included in your view based upon whether you have selected or deselected NOT.
5. Select OK.
A column’s filter icon is green when the filter is currently enabled. A Download
Current View icon also appears, enabling you to download only log messages
which meet the current filter criteria.
To disable a filter
1. In the heading of the column whose filter you want to disable, select the filter icon. A column’s filter icon is green when the filter is currently enabled.
2. To disable the filter on this column, deselect Enable. Alternatively, to disable the filters on all columns, select Clear All Filters. This disables the filter; it does not delete any filter text you might have configured.
3. Select OK.
A column’s filter icon is gray when the filter is currently disabled.
Filtering tips
When filtering by source or destination IP, you can use the following in the filtering
criteria:
• a single address (2.2.2.2)
• an address range using a wild card (1.2.2.*)
• an address range (1.2.2.1-1.2.2.100)
You can also use a Boolean operator (or) to indicate mutually exclusive choices:
• 1.1.1.1 or 2.2.2.2
• 1.1.1.1 or 2.2.2.*
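An offline matcher for the IP criteria syntax listed above (single address, wildcard, range, and "or", with the NOT checkbox modelled as a negate flag), for applying the same filter to exported log rows. This is an added example, not Fortinet's code: the function names and sample rows are constructed, and it assumes that * stands for one whole octet, that ranges are inclusive, and that "or" is case-insensitive.

```python
import ipaddress
import re

def _term_matches(term, ip):
    """Match one criterion: single address, wildcard (1.2.2.*), or range (a-b)."""
    addr = ipaddress.IPv4Address(ip)
    if "-" in term:  # inclusive range, e.g. 1.2.2.1-1.2.2.100 (assumption)
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in term.split("-", 1))
        return lo <= addr <= hi
    if "*" in term:  # assumption: each * stands for one whole octet
        t_octets, a_octets = term.split("."), ip.split(".")
        if len(t_octets) != 4:
            raise ValueError(f"bad wildcard term: {term!r}")
        # Compare octets numerically so 1.2.2.* does not match 1.2.20.5.
        return all(t == "*" or int(t) == int(a) for t, a in zip(t_octets, a_octets))
    return ipaddress.IPv4Address(term) == addr

def ip_filter(criteria, ip, negate=False):
    """Return True if a log row with this IP stays in the view.

    criteria: terms joined by 'or'; negate mirrors the NOT checkbox.
    """
    terms = [t.strip() for t in re.split(r"\s+or\s+", criteria.strip(), flags=re.I)]
    hit = any(_term_matches(t, ip) for t in terms if t)
    return hit != negate

# Constructed sample rows (not real FortiAnalyzer output).
SAMPLE_LOGS = [
    {"src": "1.1.1.1", "dst": "10.0.0.5", "action": "accept"},
    {"src": "2.2.2.77", "dst": "10.0.0.5", "action": "deny"},
    {"src": "1.2.2.100", "dst": "10.0.0.9", "action": "accept"},
    {"src": "1.2.2.101", "dst": "10.0.0.9", "action": "deny"},
]

def filter_rows(rows, column, criteria, negate=False):
    """Apply one column filter to a list of log rows."""
    return [r for r in rows if ip_filter(criteria, r[column], negate)]

if __name__ == "__main__":
    for row in filter_rows(SAMPLE_LOGS, "src", "1.1.1.1 or 2.2.2.*"):
        print(row)
```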
Note: Filters do not appear in Raw view, or for unindexed log fields in Formatted view. When viewing real-time logs, you cannot filter on the time column: by definition of the real-time aspect, only current logs are displayed.
[Figure 6 labels: Filter icon; Filter in use]