Administration Guide

Filtering report output


You can apply log message filters to reports and charts.

To filter output in a report:

Click the Settings tab and scroll to the Filters section.

To filter output in a chart:
  1. Click the Layout tab.
  2. Filter a new or existing chart:
    • Click Insert Chart and scroll to the Filters section.
    • Right-click a chart in the layout and select Chart Properties. Scroll to the Filters section.

In the Filters section, the following options are available.

Field

Description

Log messages that match

Available in the Settings tab only.

Select All to filter log messages based on all of the added conditions, or select Any of the Following Conditions to filter log messages based on any one of the conditions.

Add Filter

Click to add filters. For each filter, select a log field and operator from the dropdowns, and then enter or select the value(s).

  • Log Field: Select a log field from the dropdown. The available log fields depend on the device type.

  • Match Criteria: Select an operator from the dropdown. The available options depend on the selected log field.

  • Value: Select a value from the dropdown list or enter a value in the text box. The available options depend on the selected log field.

    If there is no dropdown list provided by FortiAnalyzer, you must manually enter a value to find in the raw log. The Value field is case sensitive.

In the Action column, click plus (+) to insert a new filter below. You can insert multiple filters. To delete a filter, click the x next to the filter.

Tooltip

You cannot create multiple filters using the same Log Field. If multiple entries for the same field are required, use a comma without a space as a separator in the Value field. For example,

  • Log Field: Interface (intf)

  • Match Criteria: Equal To

  • Value: port1,port2

If there is a comma used within the values, enclose each value in double quotations. For example,

  • Log Field: Sequence Number (seq)

  • Match Criteria: Equal To

  • Value: "1,2","2,1"

Note

The Settings and Layout tabs use the same Log Field list to filter output; however, some log fields are not used in charts. The Log Field you use to filter a report may not apply to the log fields in a chart.

LDAP Query

Available in the Settings tab only.

Click to add an LDAP query, then select the LDAP Server and the Case Change value from the dropdown lists.

Use this option to query an LDAP server for group membership. The results of this query are used to filter the report to only match logs for users belonging to that group.

You must specify the group name in the filter definition.

If you enable LDAP Query, the group name is not used to match the group field in logs. The group name is only used for the LDAP query to determine group membership.

Note

The query will not retrieve the userPrincipalName (UPN) if the Distinguished Name in the System Settings does not contain an organizational unit (ou). To retrieve the UPN, add the Distinguished Name as it appears in the System Settings to your query.

Note

If both chart and report filters are selected for the same report, the chart filter will be used instead of the report filter.
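
The multi-value syntax described under Add Filter (comma without a space as the separator, double quotations around each value when any value contains a comma) is easy to get wrong when Value strings are prepared by script. The following is an added example, not Fortinet code: `build_value` and `split_value` are hypothetical helper names that model only the rule stated on this page, and the handling of literal double quotes and stray whitespace is an assumption.

```python
import re

# One item is either a double-quoted value (may contain commas) or a bare run
# without commas or quotes. Models the rule documented on this page only.
_ITEM = re.compile(r'"([^"]*)"|([^",]+)')


def build_value(values):
    """Join several values for one Log Field into a single Value string."""
    values = list(values)
    if not values:
        raise ValueError("at least one value is required")
    for v in values:
        if '"' in v:
            # Assumption: the page documents no escape for a literal quote.
            raise ValueError(f"double quote not supported in value: {v!r}")
        if not v or v != v.strip():
            # Assumption: padded values are treated as mistakes, since the
            # Value field is matched case-sensitively against the raw log.
            raise ValueError(f"empty value or stray whitespace: {v!r}")
    # If any value contains a comma, enclose each value in double quotations.
    if any("," in v for v in values):
        values = [f'"{v}"' for v in values]
    return ",".join(values)  # comma without a space as the separator


def split_value(text):
    """Split a Value string back into items, rejecting malformed input."""
    items, pos = [], 0
    while True:
        m = _ITEM.match(text, pos)
        if not m:
            raise ValueError(f"expected a value at offset {pos} in {text!r}")
        if m.group(1) is not None:
            item = m.group(1)          # quoted value, commas allowed inside
        else:
            item = m.group(2)          # bare value
            if item != item.strip():
                raise ValueError(f"space next to a separator near {item!r}")
        items.append(item)
        pos = m.end()
        if pos == len(text):
            return items
        if text[pos] != ",":
            raise ValueError(f"expected ',' at offset {pos} in {text!r}")
        pos += 1
```

Running `split_value` over a Value string before pasting it into a filter catches the `port1, port2` form, where the space after the comma would become part of the second value.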
