tanr
New Member
October 6, 2016
Question

FortiAnalyzer 5.4.1 Search Scope - Way to set default in GUI or CLI?

  • October 6, 2016
  • 2 replies
  • 5461 views

Hi All,

 

FortiAnalyzer 200D v5.4.1, multiple ADOMs, multiple FortiGates, plus Syslog from FortiAuthenticator, switches, etc.

 

Does anybody know a method, either in the GUI or from the CLI, to set the default Search Scope that is used in the GUI Log View for Traffic, Event, and Security? I've searched the admin guide and the CLI guide but neither even mentions search scope.

 

Limiting the Search Scope to 5000 or 10000 makes for much quicker results for my situation. If Search Scope is set to All, getting results can take quite a while.

 

Saving a Log View Custom View also saves the Search Scope, but it would be nice to not always have to change it for the standard views, or when creating a new Custom View.

2 replies

MikePruett
New Member
October 7, 2016

Posting to subscribe so I can see the recommendations. I'm curious as well.

awasfi_FTNT
Staff
October 11, 2016

Hello,

 

Another way to search faster is a custom index.

Example:

config system sql
    config custom-index
        edit 1
            set device-type {FortiCache | FortiGate | FortiMail | FortiSandbox | FortiWeb}
            set index-field <Field-Name>    <<-- use "?" to list available fields
            set log-type <Type>             <<-- use "?" to list available types
        next
        ...
    end
end

 

http://help.fortinet.com/fa/cli-olh/5-2-9/index.htm#FortiAnalyzer-CLI-Reference/500_system/sql.htm?Highlight=custom-index

 

Note: Custom-index will use more disk space and CPU, however search and FortiView will be faster when filtering the logs.

 

Regards

tanr
Author
New Member
October 11, 2016

Thanks for the custom index info, awasfi. That might help with some of the searches.

 

Any answer regarding setting the default search scope, though?

awasfi_FTNT
Staff
October 12, 2016

Hello,

 

Not sure if there is any option to modify the search scope other than a custom time range from the GUI or searching the log files under "Log Browse". I already checked the CLI and couldn't find any.

 

Regards,