Search tips – Fortinet FortiAnalyzer 3.0 MR7 User Manual


FortiAnalyzer Version 3.0 MR7 Administration Guide

152

05-30007-0082-20080908

Searching the Network Analyzer logs

Network Analyzer

To search the logs

1. Go to Tools > Network Analyzer > Search.

2. From Date, select Any time to search log messages from all time periods, select a predefined time period, or select Specify and then define the starting and ending time of your custom time period.

3. In Keyword(s), enter your search criteria.

4. If you want to specify additional match or filter criteria, select More Options to expand that area, then configure those options.

5. Select Quick Search or Full Search.

The time required to retrieve search results varies with the complexity of the search query, the amount of log data being searched, and whether you select Quick Search or Full Search.

Search tips

If your search does not return the results you expect, but log messages exist that
should contain matching text, examine your keywords and filter criteria using the
following search characteristics and recommendations.

• Separate multiple keywords with a space (arp who-has 1.1.1.1).
• Keywords cannot contain unsupported special characters. Supported characters vary by selection of Quick Search or Full Search.
• Keywords must literally match log message text, with the exception of case insensitivity and wild cards; resolved names and IP aliases will not match.
• Some keywords will not match unless you include both the log field name and its value, surrounded by quotes (“Ack=2959769124”).
• Remove unnecessary keywords and search filters, which can exclude results. For a log message to be included in the search results, all keywords must match; if any of your keywords does not exist in the message, the match will fail and the message will not appear in search results.
• You can use the asterisk (*) character as a wild card (192.168.2.*). For example, you could enter any partial term or IP address, and then enter * to match all terms that have identical beginning characters or numbers.

More Options    Select the blue arrow to hide or expand additional search options.

Other           Specify additional criteria, if any, that can be used to further restrict the search criteria.

                Source IP: Enter an IP address to include only log messages containing a matching source IP address. For example, entering 192.168.2.1 would cause search results to include only log messages containing src=192.168.2.1.

                Destination IP: Enter an IP address to include only log messages containing a matching destination IP address. For example, entering 192.168.2.1 would cause search results to include only log messages containing dst=192.168.2.1.
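The search rules described above (space-separated keywords that must all match, case-insensitive literal matching, the * wild card, quoted field=value keywords, and the src=/dst= filters) as an added, runnable model. This is example code written for this page, not Fortinet code and not a description of the appliance's real implementation; the log lines are constructed, and treating a keyword as a substring match within a message is an assumption.

```python
import re
import shlex

# Constructed sample Network Analyzer log lines (illustrative only, not
# captured from a real FortiAnalyzer unit).
SAMPLE_LOGS = [
    'date=2008-09-08 time=10:01:02 src=192.168.2.1 dst=10.0.0.5 proto=tcp info="Ack=2959769124"',
    'date=2008-09-08 time=10:01:03 src=192.168.2.7 dst=10.0.0.9 proto=arp info="arp who-has 1.1.1.1"',
    'date=2008-09-08 time=10:01:04 src=172.16.0.4 dst=192.168.2.1 proto=tcp info="Ack=1"',
]


def keyword_matches(keyword: str, message: str) -> bool:
    """A keyword matches when its text occurs literally in the message,
    ignoring case; '*' is the only wild card and stands for any run of
    characters, so '192.168.2.*' matches every address with that prefix.
    Assumption: substring matching (the manual does not say whole-word)."""
    pattern = ".*".join(re.escape(part) for part in keyword.split("*"))
    return re.search(pattern, message, re.IGNORECASE) is not None


def field_matches(field: str, value: str, message: str) -> bool:
    """The Source IP / Destination IP filters only match a literal
    'src=<ip>' or 'dst=<ip>' field, bounded by whitespace so that
    192.168.2.1 does not also match 192.168.2.10."""
    return re.search(rf"(^|\s){field}={re.escape(value)}(\s|$)", message) is not None


def search(logs, keywords: str, src: str = None, dst: str = None):
    """Model of the documented rules: keywords are split on spaces, a quoted
    "field=value" pair stays one keyword, and every keyword must match (AND)
    for a message to be returned. Resolved host names and IP aliases are
    never consulted; only the raw log text is compared."""
    terms = shlex.split(keywords)
    results = []
    for line in logs:
        if src is not None and not field_matches("src", src, line):
            continue
        if dst is not None and not field_matches("dst", dst, line):
            continue
        if all(keyword_matches(term, line) for term in terms):
            results.append(line)
    return results


if __name__ == "__main__":
    for query in ["arp who-has 1.1.1.1", '"Ack=2959769124"', "192.168.2.*", "arp tcp", "ARP"]:
        print(f"{query!r}: {len(search(SAMPLE_LOGS, query))} hit(s)")
```

The "arp tcp" query returns nothing because no single message contains both keywords, which is the AND behaviour the tips warn about.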
