Searching log messages
You can search logs to quickly find specific log messages in a log file, rather than browsing the entire contents of the log file.
Search appearance varies by the log type.
 
Some email processing such as mail routing and subject-line tagging modifies the recipient email address, the sender email address, and/or the subject line of an email message. If you search for log messages by these attributes, enter your search criteria using text exactly as it appears in the log messages, not in the email message. For example, you might send an email message from sender@example.com; however, if you have configured mail routing on the FortiMail unit or other network devices, this address, at the time it was logged by the FortiMail unit, may have been sender-1@example.com. In that case, you would search for sender-1@example.com instead of sender@example.com.
To search log messages
1. Go to Monitor > Log.
2. Click one of the log type tabs: History, Event, AntiVirus, AntiSpam, or Encryption.
3. To search all log files of that type, click Search.
To search one of the log files, first double-click the name of a log file to display the contents of the log file, then click Search.
4. Enter your search criteria by configuring one or more of the following:
 
GUI item
    Description
Keyword
    Enter any word or words to search for within the log messages.
    For example, you might enter starting daemon to locate all log messages containing that exact phrase in any log field.
Message
    Enter all or part of the message log field.
    This option does not appear for history log searches.
Subject
    Enter all or part of the subject line of the email message as it appears in the log message.
    This option appears only for history log searches.
From
    Enter all or part of the sender’s email address as it appears in the log message.
    This option does not appear for event log searches.
To
    Enter all or part of the recipient’s email address as it appears in the log message.
    This option does not appear for event log searches.
Session ID
    Enter all or part of the session ID in the log message.
Log ID
    Enter all or part of the log ID in the log message.
Client name
    (History log search only)
    Enter all or part of the domain name or IP address of the SMTP client. For email users connecting to send email, this is usually an IP address rather than a domain name. For SMTP servers connecting to deliver mail, this may often be a domain name.
Classifier
    Enter the classifier in the log message.
    The classifier field displays which FortiMail scanner applies to the email message. For example, Banned Word means the email message was detected by the FortiMail banned word scanning.
    For information about classifiers, see “Classifiers and dispositions in history logs”.
Disposition
    Enter the disposition in the log message.
    The disposition field specifies the action taken by the FortiMail unit.
    For information about dispositions, see “Classifiers and dispositions in history logs”.
Match condition
    Contain: searches for the exact match.
    Wildcard: supports wildcards in the entered search criteria.
Time
    Select the time span of log messages to include in the search results.
    For example, you might want to search only log messages that were recorded during the last 10 days and 8 hours previous to the current date. In that case, you would specify the current date, and also specify the size of the span of time (10 days and 8 hours) before that date.
5. Click Apply.
The FortiMail unit searches your currently selected log file for log messages that match your search criteria, and displays any matching log messages. For example, if you are currently viewing a history log file, the search locates all matching log messages located in that specific history log file.
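The same search criteria applied offline to exported log lines, as an added example that is not part of the FortiMail documentation. It shows why a search on the address as sent finds nothing when the logged address was rewritten. The key=value line layout, the field names, the sample lines, and the * and ? wildcard syntax are assumptions.

```python
import fnmatch
import re
from datetime import datetime, timedelta

# Constructed sample lines in an assumed key=value layout (not real FortiMail output).
SAMPLE_LOG = '''\
date=2024-05-01 time=09:15:02 session_id="s1A" from="sender-1@example.com" to="user@example.net" subject="[SPAM] Invoice"
date=2024-05-03 time=14:40:10 session_id="s2B" from="alice@example.org" to="user@example.net" subject="Meeting"
date=2024-04-10 time=08:00:00 session_id="s3C" from="sender-1@example.com" to="bob@example.net" subject="Old mail"
'''

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Split one key=value log line into a dict of field name -> logged text."""
    return {k: (q if q else u) for k, q, u in PAIR.findall(line)}

def matches(value, criterion, wildcard=False):
    """Contain: criterion is a substring. Wildcard: whole-field * and ? match (assumed syntax)."""
    if wildcard:
        return fnmatch.fnmatchcase(value, criterion)
    return criterion in value

def search(log_text, criteria, end, span, wildcard=False):
    """Return records that satisfy every criterion and fall within [end - span, end]."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        stamp = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        if not (end - span <= stamp <= end):
            continue
        if all(matches(rec.get(f, ""), c, wildcard) for f, c in criteria.items()):
            hits.append(rec)
    return hits

def demo():
    end = datetime(2024, 5, 4)                # the "current date" in the Time criterion
    span = timedelta(days=10, hours=8)        # the span of time before that date
    as_sent = search(SAMPLE_LOG, {"from": "sender@example.com"}, end, span)
    as_logged = search(SAMPLE_LOG, {"from": "sender-1@example.com"}, end, span)
    wild = search(SAMPLE_LOG, {"from": "sender*@example.com", "subject": "*Invoice"},
                  end, span, wildcard=True)
    return as_sent, as_logged, wild

if __name__ == "__main__":
    for label, hits in zip(("as sent", "as logged", "wildcard"), demo()):
        print(label, [h["session_id"] for h in hits])
```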