Searching the HA cluster logs
Go to Centralized Monitor > Log Search > Log Search to configure and conduct log searches across the cluster members based on various search criteria.
To configure HA log search
- Go to Centralized Monitor > Log Search > Log Search.
- Click New.
- Configure the following search criteria. Note that the availability of the following options depends on the Log type selected:

GUI item | Description |
Select devices | Either enable All devices to conduct the log search across all cluster members, or select the members you wish to search from Available and move them to Members. |
Log type | Select the type of log to search. Select from the following options: History, Mail Event, AntiVirus, AntiSpam, Encryption, System Event. |
Description | Optionally, enter a description of the log search for your reference. |
Keyword | Enter any word or words to search for within the log messages. For example, you might enter |
Message | Enter all or part of the message log field. This option does not appear for History log searches. |
Subject | Enter all or part of the subject line of the email message as it appears in the log message. This option appears only for History log searches. |
Message-ID | Enter the unique identifier from the email header. |
From | Enter all or part of the sender’s email address as it appears in the log message. This option does not appear for any event or Encryption log searches. |
Header From | This option appears only for History log searches. |
To | Enter all or part of the recipient’s email address as it appears in the log message. This option does not appear for any event log searches. |
Session ID | Enter all or part of the session ID in the log message. |
Log ID | Enter all or part of the log ID in the log message. This option does not appear for any event, Encryption, or System Event log searches. |
Client name/IP | Enter all or part of the domain name or IP address of the SMTP client. For email users connecting to send email, this is usually an IP address rather than a domain name. For SMTP servers connecting to deliver mail, this may often be a domain name. This option appears only for History and AntiSpam log searches. |
Classifier | Enter the classifier in the log message. The classifier field displays which FortiMail scanner applies to the email message. For example, Banned Word means the email message was detected by the FortiMail banned word scanning. For information about classifiers, see Classifiers and dispositions in history logs. |
Disposition | Enter the disposition in the log message. The disposition field specifies the action taken by the FortiMail cluster unit(s). For information about dispositions, see Classifiers and dispositions in history logs. |
Match condition | Contain: searches for the exact match. Wildcard: supports wildcards in the entered search criteria. |
Date | Select the date and time range of log messages to include in the search results. |
Time span | Select the time span of log messages to include in the search results. For example, you might want to search only log messages that were recorded during the last 10 days and 8 hours previous to the specified End time date. In that case, you would specify the End time date, and also specify the size of the span of time (10 days and 8 hours) before that date. |

- Click Search.
The primary FortiMail HA unit searches your currently selected HA cluster members for log messages that match your search criteria, and displays any matching log messages.