Filtering log messages
You can filter log messages using filters in the toolbar or by using the right-click menu.
Filters are not case-sensitive by default. To use case-sensitive filters, select Tools > Case Sensitive Search.
To filter log messages using filters in the toolbar:
- Go to the log view you want.
- Click Add Filter.
- In the Device list, select a device.
- In the Time list, select a time period.
Regular search |
Click Add Filter and select a filter from the dropdown list, then type a value. Only displayed columns are available in the dropdown list. You can use search operators in regular search. |
Switching between regular search and advanced search |
At the right end of the Add Filter box, click the Switch to Advanced Search icon or click the Switch to Regular Search icon . |
Advanced search |
In Advanced Search mode, enter the search criteria (log field names and values). |
Search operators and syntax |
Click at the right end of the Add Filter box to view search operators and syntax pane. See also Search operators and syntax. |
CLI string “freestyle” search |
Searches the string within the indexed fields configured using the CLI command: For example, if the indexed fields have been configured using these CLI commands: config system sql config ts-index-field edit "FGT-traffic" set value "app,dstip,proto,service,srcip,user,utmaction" next end end Then if you type “ You can combine freestyle search with other search methods, for example: |
To filter log summaries using the right-click menu:
In a log message list, right-click an entry and select a filter criterion. The search criterion with a icon returns entries matching the filter values, while the search criterion with a icon returns entries that do not match the filter values.
Depending on the column in which your cursor is placed when you right-click, Log View uses the column value as the filter criteria. This context-sensitive filter is only available for certain columns.
To see log field name of a filter/column, right-click the column of a log entry and select a context-sensitive filter. The Add Filter box shows log field name. Context-sensitive filters are available for each log field in the log details pane. See Viewing log message details. |
Search operators and syntax
Operators or symbols |
Syntax |
---|---|
And |
Find log entries containing all the search terms. Connect the terms with a space character, or “and”. Examples:
|
Or |
Find log entries containing any of the search terms. Separate the terms with “or” or a comma “,”. Examples:
|
Not |
Find log entries that do NOT contain the search terms. Add “-” before the field name. Example:
|
>, < |
Find log entries greater than or less than a value, or within a range. This operator only applies to integer fields. Example:
|
IP subnet/range search |
Find log entries within a certain IP subnet or range. Examples:
|
Wildcard search |
You can use wildcard searches for all field types. Examples:
|
Filtering FortiClient log messages in FortiGate traffic logs
For FortiClient endpoints registered to FortiGate devices, you can filter log messages in FortiGate traffic log files that are triggered by FortiClient.
To Filter FortiClient log messages:
- Go to Log View > Traffic.
- In the Add Filter box, type
fct_devid=*
. A list of FortiGate traffic logs triggered by FortiClient is displayed. - In the message log list, select a FortiGate traffic log to view the details in the bottom pane.
- Click the FortiClient tab, and double-click a FortiClient traffic log to see details.
The FortiClient tab is available only when the FortiGate traffic logs reference FortiClient traffic logs.