Mohammed_Feroz
Article Id 265525
Description This article describes how to exclude specific logs from being sent to FortiAnalyzer.
Scope FortiOS 7.0.
Solution

There may be cases where the FortiGate firewall needs to exclude a set of logs from being sent to FortiAnalyzer.
Example: log storage usage on FortiAnalyzer is getting high, or false-positive logs are triggering an action in FortiAnalyzer.

In the example below, a filter is configured to exclude specific log IDs:

config log fortianalyzer filter
    config free-style
        edit 1
            set category event
            set filter "(logid 0100026003 0100026001)"
            set filter-type exclude
        next
    end
end

Logs:

date=xxxx time=xxxx .. logid="0100026003" type="event" subtype="system" level="information" vd="root" logdesc="DHCP statistics" interface="xxx" total=3 used=0 msg="DHCP statistics" ...


date=xxxx time=xxxx .. logid="0100026001" type="event" subtype="system" level="information" msg="DHCP server sends a DHCPACK" logdesc="DHCP Ack log" ...

 

The log ID can be taken from the generated logs or from the document below.

26003 - LOG_ID_DHCP_STAT
26001 - LOG_ID_DHCP_ACK
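
An added example, not part of the original article or Fortinet's own tooling: a Python helper that tallies log IDs in exported log lines, splits each 10-digit ID into its type, subtype and message-number parts (0100026003 gives 26003, as listed above), renders the exclude stanza in the syntax used in this article, and lists which entries would still be forwarded. The sample lines, the ID 0100099999 and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines modelled on this article's entries; the last ID is invented.
SAMPLE_LOGS = [
    'logid="0100026003" type="event" subtype="system" msg="DHCP statistics"',
    'logid="0100026001" type="event" subtype="system" msg="DHCP server sends a DHCPACK"',
    'logid="0100026001" type="event" subtype="system" msg="DHCP server sends a DHCPACK"',
    'logid="0100099999" type="event" subtype="system" msg="constructed entry"',
]
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def split_logid(logid):
    """Split a 10-digit logid into (type, subtype, message number)."""
    if not re.fullmatch(r"\d{10}", logid):
        raise ValueError(f"logid must be 10 digits: {logid!r}")
    return logid[:2], logid[2:4], int(logid[4:])

def tally(lines):
    """Count entries per logid so the noisiest IDs can be reviewed first."""
    return Counter(parse_line(l)["logid"] for l in lines)

def build_exclude_filter(logids, category="event", entry=1):
    """Render the free-style exclude stanza in the syntax used in this article."""
    if len({split_logid(i)[0] for i in logids}) != 1:
        raise ValueError("one free-style entry takes one category; split the IDs")
    return "\n".join([
        "config log fortianalyzer filter",
        "    config free-style",
        f"        edit {entry}",
        f"            set category {category}",
        f'            set filter "(logid {" ".join(logids)})"',
        "            set filter-type exclude",
        "        next",
        "    end",
        "end",
    ])

def still_forwarded(lines, excluded):
    """Lines the filter would not drop: the visibility that remains."""
    return [l for l in lines if parse_line(l)["logid"] not in set(excluded)]

if __name__ == "__main__":
    print(tally(SAMPLE_LOGS).most_common())
    print(build_exclude_filter(["0100026003", "0100026001"]))
```

Reviewing the output of `still_forwarded` before applying the stanza confirms that only the intended DHCP entries stop reaching FortiAnalyzer.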

 

Related document:

Log ID numbers.