Viewing Log Messages

Using the right-click pop-up menus

When you right-click on a log message, a context menu appears.

Figure 85: Using the right-click menus on log reports

Table 20: Log report right-click menu options

| GUI item | Description |
| --- | --- |
| View Details | Select to view the log message in a pop-up window. |
| Select All | Select to select all log messages in the current page, so that you can export all messages to a table. |
| Clear Selection | Select to deselect one or multiple log messages. |
| Export to Table | Select to export the selected log messages to a table format. A new tab named Exported Table appears, displaying the exported information. The table format allows you to copy the information and paste it elsewhere. |
| Cross Search (Session) | Select to search for the log messages triggered by the same SMTP session. This may result in multiple email messages if multiple messages were sent in the same SMTP session. Search log messages by session ID and message ID. For details, see “Cross-searching log messages” on page 214. |
| Cross Search (Message) | Select to search for the log messages triggered by the same email message. For details, see “Cross-searching log messages” on page 214. |
| View Quarantined Message | When viewing quarantine logs on the History tab, select to view the quarantined email message. For details about quarantined email, see “Managing the quarantines” on page 182. |
| Release Quarantined Message | When viewing quarantine logs on the History tab, select one or multiple log entries of the “Quarantine to Review” or “Quarantine” messages, then from the right-click pop-up menu, select the Release Quarantined Message option to release the selected message or messages. For details about quarantined email, see “Managing the quarantines” on page 182. |

Searching log messages

You can search logs to quickly find specific log messages in a log file, rather than browsing the entire contents of the log file.

Search appearance varies by the log type.

Some email processing such as mail routing and subject-line tagging modifies the recipient email address, the sender email address, and/or the subject line of an email message. If you search for log messages by these attributes, enter your search criteria using text exactly as it appears in the log messages, not in the email message. For example, you might send an email message from sender@example.com; however, if you have configured mail routing on the FortiMail unit or other network devices, this address, at the time it was logged by the FortiMail unit, may have been sender-1@example.com. In that case, you would search for sender-1@example.com instead of sender@example.com.

To search log messages

  1. Go to Monitor > Log.
  2. Click one of the log type tabs: History, Event, AntiVirus, AntiSpam, or Encryption.
  3. To search all log files of that type, click Search.

To search one of the log files, first double-click the name of a log file to display the contents of the log file, then click Search.

  4. Enter your search criteria by configuring one or more of the following:

| GUI item | Description |
| --- | --- |
| Keyword | Enter any word or words to search for within the log messages. For example, you might enter starting daemon to locate all log messages containing that exact phrase in any log field. |
| Message | Enter all or part of the message log field. This option does not appear for history log searches. |
| Subject | Enter all or part of the subject line of the email message as it appears in the log message. This option appears only for history log searches. |
| From | Enter all or part of the sender’s email address as it appears in the log message. This option does not appear for event log searches. |
| To | Enter all or part of the recipient’s email address as it appears in the log message. This option does not appear for event log searches. |
| Session ID | Enter all or part of the session ID in the log message. |
| Log ID | Enter all or part of the log ID in the log message. |
| Client name (History log search only) | Enter all or part of the domain name or IP address of the SMTP client. For email users connecting to send email, this is usually an IP address rather than a domain name. For SMTP servers connecting to deliver mail, this may often be a domain name. |
| Classifier | Enter the classifier in the log message. The classifier field displays which FortiMail scanner applies to the email message. For example, Banned Word means the email message was detected by the FortiMail banned word scanning. For information about classifiers, see “Classifiers and dispositions in history logs” on page 668. |
| Disposition | Enter the disposition in the log message. The disposition field specifies the action taken by the FortiMail unit. For information about dispositions, see “Classifiers and dispositions in history logs” on page 668. |
| Time | Select the time span of log messages to include in the search results. For example, you might want to search only log messages that were recorded during the two weeks and 8 hours previous to the current date. In that case, you would specify the current date, and also specify the size of the span of time (two weeks and 8 hours) before that date. |
| Match condition | Contain: searches for the exact match. Wildcard: supports wildcards in the entered search criteria. |

  5. Click Apply.

The FortiMail unit searches your currently selected log file for log messages that match your search criteria, and displays any matching log messages. For example, if you are currently viewing a history log file, the search locates all matching log messages located in that specific history log file.
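An offline illustration of the search behaviour described above, added here and not taken from the FortiMail documentation or firmware: it applies a field search, a time span and a session cross-search to constructed records. The key=value layout, the field names, the case-insensitive matching and the exact Contain/Wildcard semantics are assumptions made for the example.

```python
import re
import shlex
from datetime import datetime, timedelta

# Constructed sample records; the key=value layout and field names are assumed.
SAMPLE_LOG = """\
date=2024-03-01 time=09:15:02 session_id="s-1001" from="sender-1@example.com" to="user@example.net" subject="Invoice"
date=2024-03-01 time=09:15:04 session_id="s-1001" from="sender-1@example.com" to="admin@example.net" subject="[SPAM] Offer"
date=2024-02-10 time=23:40:00 session_id="s-0900" from="other@example.org" to="user@example.net" subject="Hello"
"""

def parse(text):
    """Parse key=value lines into dicts and attach a datetime under 'ts'."""
    records = []
    for line in text.splitlines():
        rec = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
        rec["ts"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        records.append(rec)
    return records

def matches(value, term, mode):
    """'contain': literal substring. 'wildcard': * and ? must cover the whole field."""
    if mode == "wildcard":
        pattern = re.escape(term).replace(r"\*", ".*").replace(r"\?", ".")
        return re.fullmatch(pattern, value, re.IGNORECASE) is not None
    return term.lower() in value.lower()

def search(records, criteria, mode="contain", end=None, span=None):
    """Return records matching every criterion, optionally within [end - span, end]."""
    hits = []
    for rec in records:
        if end and span and not (end - span <= rec["ts"] <= end):
            continue
        if all(matches(rec.get(k, ""), v, mode) for k, v in criteria.items()):
            hits.append(rec)
    return hits

def cross_search_session(records, hit):
    """Return every record logged under the same session ID as the given hit."""
    return [r for r in records if r["session_id"] == hit["session_id"]]

if __name__ == "__main__":
    logs = parse(SAMPLE_LOG)
    # The address as typed in the mail client finds nothing; the logged form does.
    print(len(search(logs, {"from": "sender@example.com"})))
    print(len(search(logs, {"from": "sender*@example.com"}, "wildcard")))
    window = dict(end=datetime(2024, 3, 2), span=timedelta(weeks=2, hours=8))
    hit = search(logs, {"to": "user@example.net"}, **window)[0]
    print([r["subject"] for r in cross_search_session(logs, hit)])
```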


One thought on “Viewing Log Messages”

  1. ken chua

    Dear Sir,
    G’day to you. I am new to Fortigate device. I have some queries regarding the log, which is showing direction “outgoing” but the mail is actually going to the local mail server.
    2nd, I have enabled the log for Outbound mail log and I did enable all session logs, but so far I don’t see any of the other mail that is going out. Please advise.
    3rd, regarding BWL local override, I have enabled this in CLI; does this apply to POP and IMAP as well?
    If my domain is blacklisted in FortiGuard, can I use BWL to whitelist (override) it?
    4. Spam submission: I have enabled this; do you have any sample of this?

    Thanks and appreciate your help.
