Event Log
The Event Log pane provides an audit log of actions made by users on FortiAnalyzer. It allows you to view log messages that are stored in memory or on the internal hard disk drive. You can use filters to search the messages and download the messages to the management computer.
See the FortiAnalyzerLog Message Reference, available from the Fortinet Document Library, for more information about the log messages.
Go to System Settings > Event Log to view the local log list.
The following options are available:
Add Filter | Filter the event log list based on the log level, user, sub type, or message. See Event log filtering on page 202. | |
Last… | Select the amount of time to show from the available options, or select a custom time span or any time. | |
Column Settings | Select which columns are enabled or disabled in the Event Log table. | |
Tools | ||
Raw Log /
Formatted Log |
Click on Raw Log to view the logs in their raw state.
Click Formatted Log to view them in the formatted into a table. |
|
Real-time Log / Historical Log | Click to view the real-time or historical logs list. | |
Case Sensitive Search | Enable or disable case sensitive searching. | |
Download | Download the event logs in either CSV or the normal format to the management computer. | |
Pagination | Browse the pages of logs and adjust the number of logs that are shown per page. |
The following information is shown:
# The log number. | ||||||||||||||||||||||||||
Date/Time The date and time that the log file was generated. | ||||||||||||||||||||||||||
Device ID The ID of the related device. | ||||||||||||||||||||||||||
Sub Type The log sub-type:
Log and report manager event |
||||||||||||||||||||||||||
User The user that the log message relates to. | ||||||||||||||||||||||||||
Message Log message details. A Session ID is added to each log message. The
username of the administrator is added to log messages wherever applicable for better traceability. |
Event log filtering
The event log can be filtered using the Add Filter box in the toolbar.
To filter FortiView summaries using the toolbar:
- Specify filters in the Add Filter
- Regular Search: In the selected summary view, click in the Add Filter box, select a filter from the dropdown list, then type a value. Click NOT to negate the filter value. You can add multiple filters at a time, and connect them with an “or”.
- Advanced Search: Click the Switch to Advanced Search icon at the right end of the Add Filter box to switch to advanced search mode. In this mode, you type in the whole search criteria (log field names and values). Click the Switch to RegularSearch icon to return to regular search.
- Click Go to apply the filter.
If you’re like me, and always use ADVANCED filters, you can set the default mode to advanced with the commands:
config sys global
set default-search-mode advanced