Fortinet black logo

Administration Guide

Filtering events

Filtering events

Filter the Event Monitor using Add Filter in the toolbar or by right-clicking an entry and selecting a context-sensitive filter. You can also filter by specific devices or timeframes.

To filter events using filter mode:
  1. In the Add Filter field, toggle to filter mode.

    The filter icon () indicates you are in filter mode. Click the icon to toggle modes, as needed.

  2. Click Add Filter, and then select a filter.
  3. In the filter field, type or select a value.
  4. To change the filter action, click the equal sign (=) for the filter.

    For example, you can select != to make the filter a negate condition.

  5. Click Add Filter to add another filter, as needed.
To filter events using text mode:
  1. In the Add Filter field, toggle to text mode.

    The text icon () indicates you are in text mode. Click the icon to toggle modes, as needed.

  2. Type the filter and its condition. Use the log field names and values.

    You can review log field names and values by selecting the filter in filter mode and then toggling to text mode.

    You can review the list of available conditions by clicking the equal sign for a filter in filter mode.

  3. To add more filters, type the connector (AND or OR) and then type the next filter.
To filter events using the right-click menu:

In the event list, right-click an entry and select a filter criterion (Search <filter value>).

Depending on the column in which your mouse is placed when you right-click, Event Monitor uses the column value as the filter criteria. This context-sensitive filter is only available for certain columns.

To launch Search in Log View from an event:

In the event list, right-click an entry and select Search in Log View.

Log View will launch with the filter automatically filled in with the following information:

  • Log type of the event
  • Time range (the first to the last occurrence of the event)
  • Event trigger and group by value

Filtering events

Filter the Event Monitor using Add Filter in the toolbar or by right-clicking an entry and selecting a context-sensitive filter. You can also filter by specific devices or timeframes.

To filter events using filter mode:
  1. In the Add Filter field, toggle to filter mode.

    The filter icon () indicates you are in filter mode. Click the icon to toggle modes, as needed.

  2. Click Add Filter, and then select a filter.
  3. In the filter field, type or select a value.
  4. To change the filter action, click the equal sign (=) for the filter.

    For example, you can select != to make the filter a negate condition.

  5. Click Add Filter to add another filter, as needed.
To filter events using text mode:
  1. In the Add Filter field, toggle to text mode.

    The text icon () indicates you are in text mode. Click the icon to toggle modes, as needed.

  2. Type the filter and its condition. Use the log field names and values.

    You can review log field names and values by selecting the filter in filter mode and then toggling to text mode.

    You can review the list of available conditions by clicking the equal sign for a filter in filter mode.

  3. To add more filters, type the connector (AND or OR) and then type the next filter.
To filter events using the right-click menu:

In the event list, right-click an entry and select a filter criterion (Search <filter value>).

Depending on the column in which your mouse is placed when you right-click, Event Monitor uses the column value as the filter criteria. This context-sensitive filter is only available for certain columns.

To launch Search in Log View from an event:

In the event list, right-click an entry and select Search in Log View.

Log View will launch with the filter automatically filled in with the following information:

  • Log type of the event
  • Time range (the first to the last occurrence of the event)
  • Event trigger and group by value