Kraven2323
Staff
April 11, 2022

Technical Tip: Filter out the syslog message for the FortiGuard webfilter license expired alert.

Description: This article describes how to filter out the syslog message for the FortiGuard webfilter license expired alert.

Scope: FortiGate.

Solution:

Example of a license expiration alert:

Mar 20 17:40:50 10.98.98.194 date=2022-03-20 time=17:40:50 devname="FGT-Test-01" devid="FGT81ETK00000000"
eventtime=1647769250965713463 tz="+0800" logid="0100020109" type="event"
subtype="system" level="critical" vd="root" logdesc="FortiGuard web filter license expired" msg="FortiGuard Web Filter license is expired.

 

Configure the following syslog filter settings to exclude the license expiration message:

config log syslogd filter
    set severity critical
    set filter "logid(0100020109)"
    set filter-type exclude
end

To filter on multiple log IDs, use the following format:

set filter "logid(0100020109,0100020101)"
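
To confirm on the syslog receiver that the exclude filter took effect, the received messages can be checked for the excluded log IDs. The following Python script is an added example, not part of the original article; the function names and the second and third sample lines are constructed for illustration.

```python
import re

# key=value pairs; a quoted value may lack its closing quote, as in the
# sample alert above, so the closing quote is optional.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"?|(\S+))')

def parse_fields(line):
    """Return the key=value fields of one FortiGate syslog line as a dict."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}

def logids_from_filter(filter_value):
    """Extract log IDs from a filter string such as 'logid(0100020109,0100020101)'."""
    m = re.fullmatch(r"logid\(([\d,\s]+)\)", filter_value.strip())
    if not m:
        raise ValueError("unsupported filter: %r" % filter_value)
    return [i.strip() for i in m.group(1).split(",") if i.strip()]

def leaked_lines(lines, filter_value):
    """List (line number, logid, logdesc) for received lines the filter should have dropped."""
    excluded = set(logids_from_filter(filter_value))
    hits = []
    for number, line in enumerate(lines, 1):
        fields = parse_fields(line)
        if fields.get("logid") in excluded:
            hits.append((number, fields["logid"], fields.get("logdesc", "")))
    return hits

# Line 1 is the alert from this article; lines 2 and 3 are constructed samples.
RECEIVED = [
    'Mar 20 17:40:50 10.98.98.194 date=2022-03-20 time=17:40:50 devname="FGT-Test-01" '
    'devid="FGT81ETK00000000" eventtime=1647769250965713463 tz="+0800" logid="0100020109" '
    'type="event" subtype="system" level="critical" vd="root" '
    'logdesc="FortiGuard web filter license expired" msg="FortiGuard Web Filter license is expired.',
    'Mar 20 17:41:02 10.98.98.194 date=2022-03-20 time=17:41:02 devname="FGT-Test-01" '
    'logid="0100099999" type="event" subtype="system" level="critical" '
    'logdesc="Constructed sample event" msg="constructed"',
    'Mar 20 17:42:10 10.98.98.194 date=2022-03-20 time=17:42:10 devname="FGT-Test-01" '
    'logid="0100020101" type="event" subtype="system" level="critical" '
    'logdesc="Constructed sample event 2" msg="constructed"',
]

if __name__ == "__main__":
    for hit in leaked_lines(RECEIVED, "logid(0100020109)"):
        print("still received: line %d logid=%s desc=%s" % hit)
```

An empty result for messages captured after the configuration change indicates the excluded log IDs are no longer being forwarded.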

 

Important:

Starting with v7.0, the syslog filtering syntax has changed.

For those firmware versions, refer to the articles on 'free-style' syslog filters:

Technical Tip: Using syslog free-style filters

Technical Tip: Configuring advanced syslog free-style filters