tanr
Valued Contributor II

FortiAnalyzer 5.4.1 Search Scope - Way to set default in GUI or CLI?

Hi All,

 

FortiAnalyzer 200D v5.4.1, multiple ADOMs, multiple FortiGates, plus Syslog from FortiAuthenticator, switches, etc.

 

Does anybody know a method, either in the GUI or from the CLI, to set the default Search Scope that is used in the GUI Log View for Traffic, Event, and Security? I've searched the admin guide and the CLI guide, but neither even mentions search scope.

 

Limiting the Search Scope to 5000 or 10000 makes for much quicker results for my situation. If Search Scope is set to All, getting results can take quite a while.

 

Saving a Log View Custom View also saves the Search Scope, but it would be nice to not always have to change it for the standard views, or when creating a new Custom View.

4 REPLIES
MikePruett
Valued Contributor

Posting to subscribe so I can see the recommendations. I'm curious as well.

Mike Pruett Fortinet GURU | Fortinet Training Videos
awasfi_FTNT
Staff

Hello,

 

Another way to search faster is a custom index.

Example:

    config system sql
      config custom-index
        edit 1
          set device-type {FortiCache | FortiGate | FortiMail | FortiSandbox | FortiWeb}
          set index-field <Field-Name>    <<-- use "?" to list available fields
          set log-type <Type>             <<-- use "?" to list available types
        next
        ...
      end
    end

 

http://help.fortinet.com/fa/cli-olh/5-2-9/index.htm#FortiAnalyzer-CLI-Reference/500_system/sql.htm?H...

 

Note: Custom-index will use more disk space and CPU; however, search and FortiView will be faster when filtering the logs.

 

Regards

tanr
Valued Contributor II

Thanks for the custom index info awasfi.  That might help with some of the searches.

 

Any answer regarding setting the default search scope, though?

awasfi_FTNT

Hello,

 

Not sure if there is any option to modify the search scope other than a custom time range from the GUI or searching the log files under "Log Browse". I already checked the CLI and couldn't find any.

 

Regards,
