Kraven2323
Staff
Article Id 209006
Description This article describes how to filter out the syslog message for the FortiGuard webfilter license expired alert.
Scope FortiGate.
Solution

Example of the license expired alert:

Mar 20 17:40:50 10.98.98.194 date=2022-03-20 time=17:40:50 devname="FGT-Test-01" devid="FGT81ETK00000000"
eventtime=1647769250965713463 tz="+0800" logid="0100020109" type="event"
subtype="system" level="critical" vd="root" logdesc="FortiGuard web filter license expired" msg="FortiGuard Web Filter license is expired.

 

Apply the following syslog filter settings to exclude the license expired message:

config log syslogd filter
    set severity critical
    set filter "logid(0100020109)"
    set filter-type exclude
end

For multiple filters, use the following format:

set filter "logid(0100020109,0100020101)"
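
To confirm at the syslog collector that the exclusion took effect, the following added example (not part of the original article or Fortinet's own code) parses received FortiGate lines and reports any that still carry an excluded logid. The function names, the abridged sample lines and the logid 0100099999 are constructed for illustration.

```python
import re

# key=value pairs as FortiGate writes them. The closing quote is optional so a
# line truncated inside its last quoted field (as in the article's sample) parses.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"?|(\S+))')
FILTER_RE = re.compile(r'logid\(([^)]*)\)')

def parse_fields(line):
    """Return the key=value fields of one FortiGate syslog line as a dict."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields

def parse_filter(filter_value):
    """Extract the log IDs from a 'logid(a,b,...)' filter string."""
    m = FILTER_RE.search(filter_value)
    return {i.strip() for i in m.group(1).split(",") if i.strip()} if m else set()

def audit(lines, filter_value):
    """Return (leaked, kept): leaked events carry a logid the filter excludes."""
    excluded = parse_filter(filter_value)
    leaked, kept = [], []
    for line in lines:
        fields = parse_fields(line)
        (leaked if fields.get("logid") in excluded else kept).append(fields)
    return leaked, kept

# Constructed input: the article's alert (abridged, joined onto one line) plus an
# invented event whose logid 0100099999 is a constructed placeholder.
SAMPLE = [
    'Mar 20 17:40:50 10.98.98.194 date=2022-03-20 time=17:40:50 '
    'devname="FGT-Test-01" devid="FGT81ETK00000000" logid="0100020109" '
    'type="event" subtype="system" level="critical" vd="root" '
    'logdesc="FortiGuard web filter license expired" '
    'msg="FortiGuard Web Filter license is expired.',
    'Mar 20 17:41:02 10.98.98.194 date=2022-03-20 time=17:41:02 '
    'devname="FGT-Test-01" logid="0100099999" type="event" level="critical" '
    'logdesc="Constructed test event" msg="placeholder"',
]

if __name__ == "__main__":
    leaked, kept = audit(SAMPLE, "logid(0100020109,0100020101)")
    for f in leaked:
        print("still forwarded:", f["logid"], f.get("logdesc"))
    print("other events received:", len(kept))
```

Run against lines captured after the filter is applied, an empty `leaked` list together with a non-empty `kept` list indicates the exclusion works without silencing the other events.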

 

Important:

From v7.0 onwards, the syslog filtering syntax has changed.

On those firmware versions, refer to the 'free-style' syslog filter articles:

Technical Tip: Using syslog free-style filters

Technical Tip: Configuring advanced syslog free-style filters