nithincs
Staff & Editor
February 16, 2021

Technical Tip: How to apply filters in forward traffic logs


Description


This article describes how to use 'add filter' in the forward traffic logs to filter on a specific value.

 

Scope

 

FortiGate.

Solution


In forward traffic logs, it is possible to filter on a specific source/destination, a source/destination range, or a subnet.

To apply a filter for a specific source: Go to Forward Traffic, select 'add filter' and enter the specific IP.

 
To apply the filter for a range of IPs:
  • Select 'add filter', enter the starting IP of the range and apply.
  • Select 'A-B'; this gives the option to enter the end IP of the range.
 
 

To apply the filter for a source subnet or for IPs greater than a specific IP:

  • Select 'add filter', enter the starting IP of the subnet and apply.
  • Select '>=' to filter all IPs greater than or equal to the added IP.
 
  
It is also possible to use 'OR' to filter multiple values and 'NOT' to negate the filter values.
It is possible to apply similar filters for destination IPs, policies, interfaces and other filter fields as well.
 
Another way is to select the value to be used as a filter and right-click it to set it as a filter. There are two options: filter for traffic that has the selected value, or for any traffic that does not have it.

Example: In the screenshot below, the value 178.10.199.186 has been selected from the source column. It is then possible to get all the traffic with source IP 178.10.199.186, or any traffic that does not include source IP 178.10.199.186.

 

MicrosoftTeams-image (13).png
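
The same filter options applied offline to exported log lines, as an added example that is not part of the original article or Fortinet's code. It assumes logs exported as key=value text, IPv4 addresses only, and that 'A-B' and '>=' compare addresses numerically; the function names and all sample lines except the address 178.10.199.186 are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample lines in key=value style; only 178.10.199.186 is from the article.
_LINE = ('date=2021-02-16 time=10:00:0{n} type="traffic" subtype="forward" '
         'srcip={src} dstip=10.0.0.5 policyid=1 action="accept"')
SAMPLE_LOGS = [_LINE.format(n=n, src=src) for n, src in enumerate(
    ["178.10.199.186", "178.10.199.190", "178.10.200.1", "10.1.1.1", "192.168.1.20"])]


def parse_line(line):
    """Turn one key=value log line into a dict; shlex strips the quotes."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def _ip(text):
    return ipaddress.IPv4Address(text)


def exact(field, value):            # 'add filter' with a single IP
    return lambda rec: field in rec and _ip(rec[field]) == _ip(value)


def in_range(field, start, end):    # the 'A-B' option
    return lambda rec: field in rec and _ip(start) <= _ip(rec[field]) <= _ip(end)


def at_least(field, start):         # the '>=' option (assumed numeric comparison)
    return lambda rec: field in rec and _ip(rec[field]) >= _ip(start)


def negate(pred):                   # 'NOT'
    return lambda rec: not pred(rec)


def any_of(*preds):                 # 'OR'
    return lambda rec: any(p(rec) for p in preds)


def matching_srcips(lines, pred):
    """Return the srcip of every log line that satisfies the filter."""
    return [rec.get("srcip") for rec in map(parse_line, lines) if pred(rec)]


if __name__ == "__main__":
    print(matching_srcips(SAMPLE_LOGS, in_range("srcip", "178.10.199.186", "178.10.199.200")))
    # Under the numeric assumption '>=' has no upper bound, so 192.168.1.20 matches too.
    print(matching_srcips(SAMPLE_LOGS, at_least("srcip", "178.10.199.186")))
```
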

 

Note: Starting from v7.6, users can now search logs by zone names with the new srczone and dstzone fields:

 

config log setting
    set zone-name {enable | disable}
end