Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Adding exclusion filters to event handlers

Exclusion filters (or pre-filters) can be configured for all the available log fields in event handlers. Each event handler can have multiple exclusion filters.

To create an exclusion filter:
  1. Go FortiSoC.
  2. In the tree menu, click Handlers > Event Handlers > Event Handler List.
  3. Select an event handler, and click Edit in the toolbar.
  4. In the Pre-filters area, click Add Pre-Filter. The Pre-filter dialog opens.
  5. Configure the pre-filter.
    Name Enter a name for the exclusion filter.
    Log Device Type Select the device type from the dropdown.
    Log Type

    Select a log type from the dropdown. The log types will vary depending on the device type.

    Log Subtype Select a log subtype from the dropdown. The log subtype is not available for all devices types.
    Logs Match Select All or Any of the following conditions.
  6. Configure the filter.
    1. Set the filter conditions.
      Log Field Select a log field from the dropdown.
      Match Criteria Select an operator from the dropdown.
      Value Select the event type from the dropdown.
    2. Click Add (+)to add more conditions.
  7. (Optional) In the Generic Text Filter field enter the filter string. See, Using the Generic Text Filter in an event handler.
  8. Click OK.

Adding exclusion filters to event handlers

Exclusion filters (or pre-filters) can be configured for all the available log fields in event handlers. Each event handler can have multiple exclusion filters.

To create an exclusion filter:
  1. Go FortiSoC.
  2. In the tree menu, click Handlers > Event Handlers > Event Handler List.
  3. Select an event handler, and click Edit in the toolbar.
  4. In the Pre-filters area, click Add Pre-Filter. The Pre-filter dialog opens.
  5. Configure the pre-filter.
    Name Enter a name for the exclusion filter.
    Log Device Type Select the device type from the dropdown.
    Log Type

    Select a log type from the dropdown. The log types will vary depending on the device type.

    Log Subtype Select a log subtype from the dropdown. The log subtype is not available for all devices types.
    Logs Match Select All or Any of the following conditions.
  6. Configure the filter.
    1. Set the filter conditions.
      Log Field Select a log field from the dropdown.
      Match Criteria Select an operator from the dropdown.
      Value Select the event type from the dropdown.
    2. Click Add (+)to add more conditions.
  7. (Optional) In the Generic Text Filter field enter the filter string. See, Using the Generic Text Filter in an event handler.
  8. Click OK.