
Can I create custom FortiAnalyzer field-list for exclusions

I am trying to reduce the amount of logs sent from FAZ to SIEM via log forwarding, but would still like to forward all FGT logs to FAZ. I can configure log exclusion and set a field-list, but the field-list options are generic and not as granular as I would like (from what I can tell). Can I create a custom field-list that is more detailed, such as a particular destination IP?

I would really prefer the option to exclude based on FGT Internet Service category and destination IP, but am open to any input.


Not applicable

Welcome to the Fortinet community and thank you for your post. Hopefully, you've been keeping safe and doing well!

We see you are facing the issue of creating a custom FortiAnalyzer field-list for exclusion.

You should receive an update from one of the team members soon. Thanks for your patience on this.

Not applicable

Hello jacobcamp,


I checked and found in the FAZ configuration the way to do it.

config system log-forward
    edit <id> --> logid
        set mode {aggregation | disable | forwarding}
        set fwd-log-source-ip {local_ip | original_ip}
        set log-field-exclusion-status {enable | disable} --> need to be enabled
        config log-field-exclusion
            edit <id>
                set dev-type {FortiGate | FortiMail | FortiManager | FortiAnalyzer | FortiWeb | FortiCache | FortiSandbox | FortiDDoS | Syslog}
                set field-list <string>
                set log-type {app-ctrl | attack | content | dlp | emailfilter | event | generic | history | traffic | virus | voip | webfilter | netscan | waf | gtp | dns | ssh | ANY-TYPE}
            next
        end
        config log-filter
            edit <id>
                set field {type | logid | level | devid | vd | srcip | srcintf | srcport | dstip | dstintf | dstport | user | group | free-text}
                set oper {= | != | < | > | <= | >= | contain | not-contain | match}
                set value {traffic | event | utm}
            next
        end
    next
end


Let me know if it helps.
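
A local dry run of the two mechanisms listed in the answer above, as an added example that is not part of the original post and is not Fortinet code: log-filter rules (field / oper / value) decide which logs are forwarded at all, while the log-field-exclusion field-list only strips fields from the logs that are forwarded. The sample logs, the function names and the treatment of a missing field are assumptions; run it over a sample of exported logs to estimate how much a rule set would cut before changing the FAZ.

```python
import shlex

# Constructed sample FortiGate logs in key=value form (not real data).
SAMPLE_LOGS = [
    'type="traffic" srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 action="accept"',
    'type="traffic" srcip=10.0.0.6 dstip=198.51.100.7 dstport=53 action="accept"',
    'type="event" level="warning" msg="admin login failed"',
    'type="traffic" srcip=10.0.0.7 dstip=203.0.113.10 dstport=80 action="deny"',
]

def parse_log(line):
    """Split a key=value log line into a dict, honouring quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def rule_matches(log, field, oper, value):
    """Evaluate one field/oper/value rule against a parsed log."""
    # Assumption: a field absent from the log compares as an empty string,
    # so "dstip != X" still passes event logs that carry no dstip.
    actual = log.get(field, "")
    if oper == "=":
        return actual == value
    if oper == "!=":
        return actual != value
    if oper == "contain":
        return value in actual
    if oper == "not-contain":
        return value not in actual
    raise ValueError(f"operator not modelled: {oper}")

def forwarded(lines, rules, logic="and", excluded_fields=()):
    """Return logs that pass the filter rules, with excluded fields stripped."""
    combine = all if logic == "and" else any
    out = []
    for line in lines:
        log = parse_log(line)
        if combine(rule_matches(log, *rule) for rule in rules):
            # Field exclusion never drops a log; it only removes keys from it.
            out.append({k: v for k, v in log.items() if k not in excluded_fields})
    return out

if __name__ == "__main__":
    rules = [("dstip", "!=", "203.0.113.10")]  # constructed destination IP
    kept = forwarded(SAMPLE_LOGS, rules, excluded_fields=("dstport",))
    print(f"{len(kept)} of {len(SAMPLE_LOGS)} logs would be forwarded")
    for log in kept:
        print(log)
```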
