FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908
Searching the Network Analyzer logs
Network Analyzer
To search the logs
1 Go to Tools > Network Analyzer > Search.
2 From Date, select Any time to search log messages from all time periods, select a
predefined time period, or select Specify and then define the starting and ending
time of your custom time period.
3 In Keyword(s), enter your search criteria.
4 If you want to specify additional match or filter criteria, select More Options to
expand that area, then configure those options.
5 Select Quick Search or Full Search.
Time required to retrieve search results varies by the complexity of the search
query, the amount of log data being searched, and whether you select Quick
Search or Full Search.
Search tips
If your search does not return the results you expect, but log messages exist that
should contain matching text, examine your keywords and filter criteria using the
following search characteristics and recommendations.
• Separate multiple keywords with a space (arp who-has 1.1.1.1).
• Keywords cannot contain unsupported special characters. Supported
characters vary by selection of Quick Search or Full Search.
• Keywords must literally match log message text, with the exception of case
insensitivity and wild cards; resolved names and IP aliases will not match.
• Some keywords will not match unless you include both the log field name and
its value, surrounded by quotes (“Ack=2959769124”).
• Remove unnecessary keywords and search filters which can exclude results.
For a log message to be included in the search results, all keywords must
match; if any of your keywords does not exist in the message, the match will
fail and the message will not appear in search results.
• You can use the asterisk (*) character as a wild card (192.168.2.*). For
example, you could enter any partial term or IP address, and then enter * to
match all terms that have identical beginning characters or numbers.
More Options
Select the blue arrow to hide or expand additional search options.
Other
Specify additional criteria, if any, that can be used to
further restrict the search criteria.
• Source IP: Enter an IP address to include only log
messages containing a matching source IP address.
For example, entering 192.168.2.1 would cause
search results to include only log messages
containing src=192.168.2.1.
• Destination IP: Enter an IP address to include only
log messages containing a matching destination IP
address. For example, entering 192.168.2.1
would cause search results to include only log
messages containing dst=192.168.2.1.
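The following sketch models the search tips and the Source IP / Destination IP filters above so you can see which criterion excludes a message. It is an added example, not FortiAnalyzer code: the sample messages are constructed, the function names are hypothetical, and it assumes a "term" is a space-separated token or the value after field=.

```python
import re
import shlex

# Constructed sample messages; the field layout is illustrative only.
SAMPLE_LOGS = [
    "src=192.168.2.1 dst=192.168.2.7 proto=TCP Ack=2959769124",
    "src=192.168.2.9 dst=10.0.0.5 arp who-has 1.1.1.1",
    "src=10.0.0.5 dst=192.168.2.1 proto=UDP",
]

def parse_keywords(query):
    """Split on spaces; quotes (straight or curly) are stripped from keywords."""
    return shlex.split(query.replace("\u201c", '"').replace("\u201d", '"'))

def terms(message):
    """Assumption: a term is a whitespace token or the value after 'field='."""
    out = set()
    for token in message.split():
        out.add(token)
        if "=" in token:
            out.add(token.split("=", 1)[1])
    return out

def keyword_matches(keyword, message):
    """Literal, case-insensitive match of a whole term; '*' is a wild card."""
    pattern = ".*".join(re.escape(p) for p in keyword.split("*"))
    rx = re.compile(pattern, re.IGNORECASE)
    return any(rx.fullmatch(t) for t in terms(message))

def failed_criteria(message, query, src_ip=None, dst_ip=None):
    """Return the criteria that exclude this message (empty list = match)."""
    failed = [k for k in parse_keywords(query) if not keyword_matches(k, message)]
    tokens = message.split()
    if src_ip and f"src={src_ip}" not in tokens:
        failed.append(f"Source IP {src_ip}")
    if dst_ip and f"dst={dst_ip}" not in tokens:
        failed.append(f"Destination IP {dst_ip}")
    return failed

def search(logs, query, src_ip=None, dst_ip=None):
    """All keywords and filters must match for a message to be returned."""
    return [m for m in logs if not failed_criteria(m, query, src_ip, dst_ip)]

if __name__ == "__main__":
    for msg in SAMPLE_LOGS:
        print(failed_criteria(msg, "192.168.2.* tcp", src_ip="192.168.2.1"), msg)
```

A non-empty list from failed_criteria names the keyword or filter to remove when an expected message is missing from the results.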