FortiGate
Dongkwan
Staff
Article Id 249772
Description This article describes a case where syslog free-style filters no longer work as configured after a firmware upgrade from 6.4.x to 7.0.x or 7.2.x.
In version 6.4, only logs with a specific log ID were filtered through 'set filter-type include' and forwarded to the syslog server as expected.
After the upgrade to 7.0, the same settings no longer filter and forward the logs in the same way.
Scope FortiGate v7.0 or v7.2+ GA releases.
Solution

This is by design. A free-style filter is intended to filter specific logs within one category only; logs of other categories are not affected by the filter.

# show log syslogd filter
# config log syslogd filter
    # config free-style
        edit 1
            set category attack
            set filter "logid 0419016384"
            set filter-type include
        next
    end
end

With the above configuration, all logs of other categories will pass through unfiltered; for the 'attack' category, only logs with 'logid 0419016384' may pass.
In version 6.4, it was not possible to specify a category, but in 7.0 the filter has been improved so that it can be set in more detail per category.
Therefore, filters must be configured to include or exclude the other categories as required.
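To make the behaviour change concrete, the following is an added Python model of the two filter semantics (it is not part of the Fortinet article and is not FortiOS code): it evaluates the article's 'logid 0419016384' include entry over constructed log records, once as a 6.4-style global filter and once as a 7.0-style per-category free-style filter. The filter-string matcher and the AND-combination of multiple entries are simplifying assumptions of this model.

```python
from dataclasses import dataclass

@dataclass
class FreeStyleFilter:
    """One free-style entry; category "*" models the 6.4 global (uncategorised) filter."""
    category: str
    filter: str                   # e.g. "logid 0419016384" (the ID used in the article)
    filter_type: str = "include"  # "include" or "exclude"

def _matches(filter_string: str, record: dict) -> bool:
    # Simplified matcher (assumption): one "field value" pair, exact match.
    field, _, value = filter_string.partition(" ")
    return str(record.get(field)) == value

def forwarded(record: dict, filters: list, per_category: bool) -> bool:
    """True if the record would be sent to the syslog server.

    per_category=False models 6.4: every entry applies to every log.
    per_category=True models 7.0/7.2: an entry applies only to logs of its own
    category; a category with no entry is forwarded unfiltered (by design).
    Multiple entries are combined with AND, which is an assumption of this model.
    """
    for f in filters:
        if per_category and f.category != record["category"]:
            continue
        hit = _matches(f.filter, record)
        if (f.filter_type == "include") != hit:   # include needs a hit, exclude must not hit
            return False
    return True

# Constructed sample logs: two attack logs and one traffic log.
LOGS = [
    {"category": "attack", "logid": "0419016384"},
    {"category": "attack", "logid": "0419016385"},
    {"category": "traffic", "logid": "0000000013"},
]
FILTER_64 = [FreeStyleFilter("*", "logid 0419016384", "include")]
FILTER_70 = [FreeStyleFilter("attack", "logid 0419016384", "include")]

def compare() -> dict:
    """Log IDs that reach the syslog server under each firmware model."""
    return {
        "6.4": [r["logid"] for r in LOGS if forwarded(r, FILTER_64, per_category=False)],
        "7.0": [r["logid"] for r in LOGS if forwarded(r, FILTER_70, per_category=True)],
    }
```

Under the 7.0 model the traffic log is forwarded because no free-style entry targets its category, which is exactly the difference the article reports after the upgrade.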

The CLI syntax has changed as follows: the filter string and filter type moved from the top level of the syslogd filter into a per-category free-style filter entry.

CLI Setting:

Version 6.4:

# config log syslogd filter
Description: Filters for remote system server.
    set anomaly [enable|disable]
    set filter {string}
    set filter-type [include|exclude]
    set forward-traffic [enable|disable]
    set gtp [enable|disable]
    set local-traffic [enable|disable]
    set multicast-traffic [enable|disable]
    set severity [emergency|alert|...]
    set sniffer-traffic [enable|disable]
    set voip [enable|disable]
end

Related document:

https://docs.fortinet.com/document/fortigate/6.4.12/cli-reference/444620/config-log-syslogd-filter

Version 7.0 or 7.2 and later:

# config log syslogd filter
Description: Filters for remote system server.
    set anomaly [enable|disable]
    set forward-traffic [enable|disable]
    # config free-style
    Description: Free style filters.
        edit <id>
            set category [traffic|event|...]
            set filter {string}
            set filter-type [include|exclude]
        next
    end
    set gtp [enable|disable]
    set local-traffic [enable|disable]
    set multicast-traffic [enable|disable]
    set severity [emergency|alert|...]
    set sniffer-traffic [enable|disable]
    set voip [enable|disable]
    set ztna-traffic [enable|disable]
end

Related document:

https://docs.fortinet.com/document/fortigate/7.0.10/cli-reference/456620/config-log-syslogd-filter
