Table of Contents
Advertisement
Content archive
2
3
Filtering content logs
Log rolling
FortiAnalyzer Version 3.0 MR3 Administration Guide
05-30003-0082-20060925
Select a column name.
Select the up and down arrows to change the position of the column in the list.
When looking at content logs for both real-time and historical, you can filter the
information to find specific information. Filters are available when you are viewing
historical data in the Content Viewer or when browsing content log files on the
FortiAnalyzer hard disk.
Note: You must be viewing the log contents in the formatted view to use the filters.
Figure 33: Filter icons in the Historical content logs
Filter in use
Filter icon
Each column of data includes a gray filter icon. Select the icon to filter the
contents of the column. Enter the information you are looking for in the field
provided and select OK.When a filter is applied to a column, the filter icon appears
green.
To turn off the filter, select the filter icon and select Reset Filter. When viewing
real-time logs, you cannot filter on the time column because the time will always
be the current time.
Filtering tip
When filtering by source or destination IP, you can use the following in the filtering
criteria:
•
a single address (2.2.2.2)
•
an address range using a wild card (1.2.2.*)
•
an address range (1.2.2.1-1.2.2.100)
You can also use the boolean operator "or" to indicate multiple choices:
•
1.1.1.1 or 2.2.2.2
•
1.1.1.1 or 2.2.2.*
•
1.1.1.1 or 2.2.2.1-2.2.2.10
Log rolling is a way to control the content log file size and space used on the
FortiAnalyzer hard disk. You can configure the frequency of the log rolling and
what to do with the
content
As the FortiAnalyzer unit receives log messages, it performs the following tasks:
•
verifies whether the log file has exceeded its file size limit
•
if the file size is not exceeded, checks to see if it is time to roll the log file
log file when rolled.
Log rolling
91
Hide quick links:
Advertisement
Table of Contents
