albaker1
New Member
June 5, 2025
Question

Filter logs from FortiAnalyzer

  • June 5, 2025
  • 3 replies
  • 1246 views

We're sending all logs from FAZ running 7.4.6 to an external log collector, but we want to not send some traffic, such as NetFlow over TCP port 2055. Under System Settings > Advanced, there is a Log Forwarding tab where we've defined where the messages are being forwarded to, and within this area, there is a section called "Log Forwarding Filters." I've been looking into the "Enable Exclusions" section, where it's possible to select a field called "Destination Port (dstport)," but it doesn't appear to be possible that the actual port number can be defined. Can this be done? If so, can anyone offer guidance for accomplishing this? Thank you.

3 replies

Jean-Philippe_P
Staff & Editor
June 8, 2025

Hello albaker1,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
June 10, 2025

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
June 11, 2025

Hello albaker1,

I found this solution. Can you tell me if it helps, please?

To exclude logs based on a specific destination port, such as TCP port 2055, you can configure log forwarding filters on FortiAnalyzer. Here’s how you can do it:

  1. Access Log Forwarding Filters: Navigate to the System Settings > Advanced > Log Forwarding tab.

  2. Enable Exclusions: In the Log Forwarding Filters section, enable the exclusions option.

  3. Configure Log Filters:
    - Add a new log filter.
    - Set the Log Field to Destination Port (dstport).
    - Use the Match Condition to specify the port you want to exclude. For example, you can use a condition like `!dstport=2055` to exclude logs with destination port 2055.

  4. Apply the Configuration: Save the changes to apply the filter settings.

This configuration will ensure that logs with the specified destination port are not forwarded to the external log collector.

Jean-Philippe - Fortinet Community Team
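
One way to check on the collector side that the forwarding filter discussed in this thread took effect, as an added example that is not part of the original replies or Fortinet's own code. It assumes the forwarded logs arrive as FortiOS-style `key=value` lines; the sample lines, device names and function names are constructed for illustration.

```python
import re
from collections import Counter

# key=value pairs; a double-quoted value is consumed whole, so text such as
# msg="... dstport=2055" is never mistaken for the real dstport field.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_kv(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    rec = {}
    for key, val in KV_RE.findall(line):
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]
        rec[key] = val
    return rec

def find_leaks(lines, excluded_ports=frozenset({2055})):
    """Return (line_number, record) for each received log the filter should have dropped."""
    leaks = []
    for no, line in enumerate(lines, 1):
        port = parse_kv(line).get("dstport", "")
        if port.isdigit() and int(port) in excluded_ports:
            leaks.append((no, parse_kv(line)))
    return leaks

def summarize(lines, excluded_ports=frozenset({2055})):
    """Count leaked records per sending device (devname)."""
    lines = list(lines)
    leaks = find_leaks(lines, excluded_ports)
    per_dev = Counter(rec.get("devname", "unknown") for _, rec in leaks)
    return {"received": len(lines), "leaked": len(leaks), "by_device": dict(per_dev)}

# Constructed sample input, not captured from a real device.
SAMPLE_LINES = [
    '<189>date=2025-06-11 time=09:00:01 devname="FGT-A" type="traffic" '
    'srcip=10.0.0.5 dstip=10.0.9.9 dstport=443 proto=6 action="accept"',
    '<189>date=2025-06-11 time=09:00:02 devname="FGT-A" type="traffic" '
    'srcip=10.0.0.1 dstip=10.0.9.20 dstport=2055 proto=6 action="accept"',
    '<189>date=2025-06-11 time=09:00:03 devname="FGT-B" type="traffic" '
    'srcip=10.0.1.7 dstip=10.0.9.9 dstport=443 msg="retry to dstport=2055"',
    '<189>date=2025-06-11 time=09:00:04 devname="FGT-B" type="traffic" '
    'srcip=10.0.1.1 dstip=10.0.9.20 dstport=2055 proto=6 action="accept"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```

A non-zero `leaked` count after the filter is saved means records with the excluded destination port are still reaching the collector.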