FortiAnalyzer
awasfi_FTNT
Staff
Article Id 345844
Description

This article explains that the following fields are not available in the exclusion list in the FortiAnalyzer GUI when Log Forwarding is configured and the server type is SysLog/CEF/SysLog-Pack:

date, time, timestamp.

Scope

FortiAnalyzer.
Solution

Starting from FortiAnalyzer firmware versions v7.4.4, v7.6.1 and above, the date, time and timestamp fields have been added to the exclusion list. They can be set from the CLI only, as in the following example:

config system log-forward
    edit 1
        set mode forwarding
        set fwd-max-delay realtime
        set server-name Forward_Server
        set server-addr 10.10.10.10
        set fwd-server-type syslog
            config device-filter
                edit 1
                    set adom root
                    set device FGVM010000000000
                next
            end
        set log-filter-status enable
            config log-filter
                edit 1
                next
            end
        set signature 5056607100924692052
        set log-field-exclusion-status enable
            config log-field-exclusion
                edit 1
                    set field-list time,date,timestamp
                next
            end
    next
end
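
One way to confirm on the receiving syslog server that the exclusion took effect, as an added example (not from the original article or from Fortinet): a Python check that flags forwarded records still carrying time, date or timestamp. It assumes records arrive as key=value text; the sample records and function names are constructed for illustration.

```python
import re

# Fields named in "set field-list" in the configuration above.
EXCLUDED = {"time", "date", "timestamp"}

# A key must start the line, follow whitespace, or follow the syslog "<PRI>"
# prefix. A value is a double-quoted string (spaces and \" allowed) or a bare
# token. Quoted values are consumed whole, so "time=" inside msg="..." is not
# mistaken for a field.
PAIR = re.compile(r'(?<![^\s>])([A-Za-z_][\w-]*)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_fields(line):
    """Return {key: value} for one key=value record (assumed format)."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields

def leaked_fields(line, excluded=EXCLUDED):
    """Sorted list of excluded field names still present in the record."""
    return sorted(excluded & parse_fields(line).keys())

def audit(lines):
    """Return [(line_number, leaked_names)] for records that still leak."""
    hits = []
    for number, line in enumerate(lines, start=1):
        leaked = leaked_fields(line)
        if leaked:
            hits.append((number, leaked))
    return hits

# Constructed sample records, not captured from a real device.
SAMPLE = [
    '<189>date=2024-05-01 time=10:15:00 devid="FGVM010000000000" type="traffic"',
    'devid="FGVM010000000000" type="event" msg="session time=30 expired"',
    'timestamp=1714558500 devid="FGVM010000000000" type="traffic"',
]

if __name__ == "__main__":
    for number, leaked in audit(SAMPLE):
        print(f"record {number}: still contains {', '.join(leaked)}")
```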