Article Id 265525
Description This article describes how to exclude specific logs from being sent to FortiAnalyzer.
Scope FortiOS 7.0.

There might be cases where the FortiGate firewall needs to exclude a set of logs from being sent to FortiAnalyzer.
Example: log storage usage on FortiAnalyzer is getting high, or false-positive logs are triggering an action in FortiAnalyzer.


In the example below, a filter is configured to exclude specific log IDs:


config log fortianalyzer filter
     config free-style
         edit 1
             set category event
             set filter "(logid 0100026003 0100026001)"
             set filter-type exclude
         next
     end
end





date=xxxx time=xxxx .. logid="0100026003" type="event" subtype="system" level="information" vd="root" logdesc="DHCP statistics" interface="xxx" total=3 used=0 msg="DHCP statistics" ...

date=xxxx time=xxxx .. logid="0100026001" type="event" subtype="system" level="information" msg="DHCP server sends a DHCPACK" logdesc="DHCP Ack log" ...


The log ID can be taken from the generated logs or from the document below.
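Before applying an exclude filter, it helps to check which exported log lines it would stop forwarding, so that only the intended noise is dropped. The following is an added example, not part of the original article or of FortiOS: it is a local approximation that handles only the "(logid ...)" filter form shown above, assumes `set category event` corresponds to type="event" in the log line, and uses constructed sample lines and hypothetical function names.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value log format (not device output).
SAMPLE_LOGS = [
    'date=2024-01-01 time=10:00:00 logid="0100026003" type="event" '
    'subtype="system" logdesc="DHCP statistics" msg="DHCP statistics"',
    'date=2024-01-01 time=10:00:05 logid="0100026001" type="event" '
    'subtype="system" logdesc="DHCP Ack log" msg="DHCP server sends a DHCPACK"',
    'date=2024-01-01 time=10:00:09 logid="0100032001" type="event" '
    'subtype="system" logdesc="Admin login successful" msg="constructed sample"',
]

FIELD_RE = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S*))')


def parse_line(line):
    """Turn one key=value log line into a dict; values may be double-quoted."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def parse_logid_filter(expr):
    """Return the log IDs named in a filter string such as "(logid A B)"."""
    m = re.fullmatch(r'\(?\s*logid((?:\s+\d{10})+)\s*\)?', expr.strip())
    if not m:
        raise ValueError(f"unsupported filter expression: {expr!r}")
    return set(m.group(1).split())


def preview_exclude(lines, category, expr):
    """Split lines into (forwarded records, Counter of excluded log IDs).

    Assumption: 'set category event' corresponds to type="event" in the log.
    """
    ids = parse_logid_filter(expr)
    forwarded, excluded = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") == category and rec.get("logid") in ids:
            excluded[rec["logid"]] += 1
        else:
            forwarded.append(rec)
    return forwarded, excluded


if __name__ == "__main__":
    sent, dropped = preview_exclude(
        SAMPLE_LOGS, "event", "(logid 0100026003 0100026001)")
    print("would be excluded:", dict(dropped))
    print("would still be sent:", [r["logid"] for r in sent])
```

Running it over a real log export instead of SAMPLE_LOGS shows per-ID counts of what the filter would remove from FortiAnalyzer, which makes it easier to confirm that no security-relevant event is being excluded.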




Related document:

Log ID numbers.