background-rebuild {enable | disable}
|
Disable or enable rebuilding the SQL database in the background.
|
database-name <string>
|
Remote SQL database name. Character limit: 64.
Command only available when status is set to remote.
|
database-type <postgres>
|
Database type. Command only available when status is set to local or remote.
|
device-count-high {enable | disable}
|
You must set this to enable if the count of registered devices is greater than 8000.
Caution: Enabling or disabling this command will result in an SQL database rebuild. The time required to rebuild the database is dependent on the size of the database. Please plan a maintenance window to complete the database rebuild. This operation will also result in a device reboot.
|
event-table-partition-time <integer>
|
Maximum SQL database table partitioning time range in minutes for event logs. Range: 0 to 525600 (minutes). Enter 0 for unlimited.
|
fct-table-partition-time <integer>
|
Maximum SQL database table partitioning time range in minutes for FortiClient logs. Range: 0 to 525600 (minutes). Enter 0 for unlimited.
|
logtype {none | app-ctrl | attack | content | dlp | emailfilter | event | generic | history | traffic | virus | voip | webfilter | netscan}
|
Log type. Command only available when status is set to local or remote.
|
password <passwd>
|
The password that the Fortinet unit will use to authenticate with the remote database. Command only available when status is set to remote.
|
prompt-sql-upgrade {enable | disable}
|
Prompt to convert the log database into an SQL database at start time on the GUI.
|
rebuild-event {enable | disable}
|
Enable/disable a rebuild event during SQL database rebuilding. The following options are available:
- disable: Do not rebuild event during SQL database rebuilding.
- enable: Rebuild event during SQL database rebuilding.
|
rebuild-event-start-time <hh:mm> <yyyy/mm/dd>
|
The rebuild event starting date and time.
|
server <string>
|
Set the database IP address or hostname.
|
start-time <hh>:<mm> <yyyy>/<mm>/<dd>
|
The date and time that logs will start to be inserted. Command only available when status is set to local or remote.
|
status {disable | local | remote}
|
SQL database status. The following options are available:
- disable: Disable SQL database.
- local: Enable local database.
- remote: Enable remote database.
|
text-search-index {disable | enable}
|
Disable or enable the text search index. The following options are available:
- disable: Do not create text search index.
- enable: Create text search index.
|
traffic-table-partition-time <integer>
|
Maximum SQL database table partitioning time range for traffic logs. Range: 0 to 525600 (minutes). Enter 0 for unlimited.
|
utm-table-partition-time <integer>
|
Maximum SQL database table partitioning time range in minutes for UTM logs. Range: 0 to 525600 (minutes). Enter 0 for unlimited.
|
username <string>
|
The user name that the Fortinet unit will use to authenticate with the remote database. Character limit: 64.
Command only available when status is set to remote.
|
Variables for config custom-index subcommand:
|
case-sensitive {enable | disable}
|
Enable/disable case sensitivity.
|
device-type {FortiCache | FortiGate | FortiMail | FortiSandbox | FortiWeb}
|
Set the device type. The following options are available:
- FortiCache: Set device type to FortiCache.
- FortiGate: Set device type to FortiGate.
- FortiMail: Set device type to FortiMail.
- FortiSandbox: Set device type to FortiSandbox.
- FortiWeb: Set device type to FortiWeb.
|
index-field <Field-Name>
|
Enter a valid field name. Select one of the available field names. The available options for index-field depend on the device-type entry.
|
log-type <Log-Enter>
|
Enter the log type. The available options for log-type depend on the device-type entry. Enter one of the available log types.
- FortiCache: N/A
- FortiGate: app-ctrl, content, dlp, emailfilter, event, netscan, traffic, virus, voip, webfilter
- FortiMail: emailfilter, event, history, virus
- FortiSandbox: N/A
- FortiWeb: attack, event, traffic
|
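Added example (not part of the original reference and not vendor code): a Python check of a settings snippet against the constraints listed above, namely status gating, the 64-character limits, the 0 to 525600 partition range, and the log-type values listed per device-type. The function names, the `set <key> <value>` input format and the sample values are assumptions.

```python
# Added example, not vendor code. SAMPLE is constructed; its password is a placeholder.
REMOTE_ONLY = {"database-name", "password", "username"}
LOCAL_OR_REMOTE = {"database-type", "logtype", "start-time"}
MAX_64 = {"database-name", "username"}
PARTITION = {f"{t}-table-partition-time" for t in ("event", "fct", "traffic", "utm")}
LOG_TYPES = {  # log-type values per device-type from the table above; N/A -> empty set
    "FortiCache": set(), "FortiSandbox": set(),
    "FortiGate": {"app-ctrl", "content", "dlp", "emailfilter", "event",
                  "netscan", "traffic", "virus", "voip", "webfilter"},
    "FortiMail": {"emailfilter", "event", "history", "virus"},
    "FortiWeb": {"attack", "event", "traffic"},
}
SAMPLE = '''set status local
set password "constructed-placeholder"
set traffic-table-partition-time 600000
set event-table-partition-time 0
'''

def parse_sets(text):
    """Collect 'set key value' lines into a dict (assumed input format)."""
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0] == "set":
            out[parts[1]] = parts[2].strip().strip('"')
    return out

def lint_sql(settings):
    """Return findings for the top-level variables."""
    status = settings.get("status")  # gating is checked only if the snippet sets status
    findings = []
    for key, value in settings.items():
        if status and key in REMOTE_ONLY and status != "remote":
            findings.append(f"{key}: only available when status is remote")
        if status == "disable" and key in LOCAL_OR_REMOTE:
            findings.append(f"{key}: only available when status is local or remote")
        if key in MAX_64 and len(value) > 64:
            findings.append(f"{key}: exceeds the 64-character limit")
        if key in PARTITION and not (value.isdecimal() and int(value) <= 525600):
            findings.append(f"{key}: must be 0 to 525600 (minutes)")
    return findings

def lint_custom_index(entry):
    """Check a custom-index entry's log-type against its device-type."""
    dev, log = entry.get("device-type"), entry.get("log-type")
    if dev not in LOG_TYPES:
        return [f"device-type: {dev!r} is not a listed device type"]
    bad = log is not None and log not in LOG_TYPES[dev]
    return [f"log-type: {log!r} is not listed for {dev}"] if bad else []
```
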
Variables for config ts-index-field subcommand:
|
<category>
|
Category of the text search index fields. The following is the list of categories and their default fields. The following options are available:
- FGT-app-ctrl: user, group, srcip, dstip, dstport, service, app, action, status, hostname
- FGT-attack: severity, srcip, proto, user, attackname
- FGT-content: from, to, subject, action, srcip, dstip, hostname, status
- FGT-dlp: user, srcip, service, action, file
- FGT-emailfilter: user, srcip, from, to, subject
- FGT-event: subtype, ui, action, msg
- FGT-traffic: user, srcip, dstip, service, app, utmaction, utmevent
- FGT-virus: service, srcip, file, virus, user
- FGT-voip: action, user, src, dst, from, to
- FGT-webfilter: user, srcip, status, catdesc
- FGT-netscan: user, dstip, vuln, severity, os
- FML-emailfilter: client_name, dst_ip, from, to, subject
- FML-event: subtype, msg
- FML-history: classifier, disposition, from, to, client_name, direction, domain, virus
- FML-virus: src, msg, from, to
- FWB-attack: http_host, http_url, src, dst, msg, action
- FWB-event: ui, action, msg
- FWB-traffic: src, dst, service, http_method, msg
|
<value>
|
Fields of the text search filter.
|
<string>
|
Select one or more field names separated with a comma. The available field names depend on the category selected.
|