Fortinet black logo

Administration Guide

Filtering report output

Filtering report output

You can apply log message filters to reports and charts.

To filter output in a report:

Click the Settings tab and scroll to the Filters section.

To filter output in a chart:
  1. Click the Layout tab.
  2. Filter a new or existing chart:
    • Click Insert Chart and scroll to the Filters section.
    • Right-click a chart in the layout and select Chart Properties. Scroll to the Filters section.

In the Filters section, the following options are available.

Field

Description

Log messages that match

Available in the Settings tab only.

Select All to filter log messages based on all of the added conditions, or select Any of the Following Conditions to filter log messages based on any one of the conditions.

Add Filter

Click to add filters. For each filter, select the field, and operator from the dropdown lists, then enter or select the values as applicable.

Filters vary based on device type.

Note

When adding a filter, keep the following considerations in mind:

  • The Settings and Layout tabs use the same Log Field list to filter output; however, some log fields are not used in charts. The Log Field you use to filter a report may not apply to the log fields in a chart.

  • The Value field is case sensitive.

LDAP Query

Available in the Settings tab only.

Click to add an LDAP query, then select the LDAP Server and the Case Change value from the dropdown lists.

Use this option to query an LDAP server for group membership. The results of this query is used to filter the report to only match logs for users belonging to that group.

You must specify the group name in the filter definition.

If you enable LDAP Query, the group name is not used to match the group field in logs. The group name is only used for the LDAP query to determine group membership.

Note

The query will not retrieve the userPrincicpalName if the Distinguished Name in the System Settings does not contain an organization unit (ou). To retrieve the UPN, add the Distinguished Name as it appears in the System Settings to your query.

Note

If both chart and report filters are selected for the same report, the chart filter will be used instead of the report filter.

Filtering report output

You can apply log message filters to reports and charts.

To filter output in a report:

Click the Settings tab and scroll to the Filters section.

To filter output in a chart:
  1. Click the Layout tab.
  2. Filter a new or existing chart:
    • Click Insert Chart and scroll to the Filters section.
    • Right-click a chart in the layout and select Chart Properties. Scroll to the Filters section.

In the Filters section, the following options are available.

Field

Description

Log messages that match

Available in the Settings tab only.

Select All to filter log messages based on all of the added conditions, or select Any of the Following Conditions to filter log messages based on any one of the conditions.

Add Filter

Click to add filters. For each filter, select the field, and operator from the dropdown lists, then enter or select the values as applicable.

Filters vary based on device type.

Note

When adding a filter, keep the following considerations in mind:

  • The Settings and Layout tabs use the same Log Field list to filter output; however, some log fields are not used in charts. The Log Field you use to filter a report may not apply to the log fields in a chart.

  • The Value field is case sensitive.

LDAP Query

Available in the Settings tab only.

Click to add an LDAP query, then select the LDAP Server and the Case Change value from the dropdown lists.

Use this option to query an LDAP server for group membership. The results of this query is used to filter the report to only match logs for users belonging to that group.

You must specify the group name in the filter definition.

If you enable LDAP Query, the group name is not used to match the group field in logs. The group name is only used for the LDAP query to determine group membership.

Note

The query will not retrieve the userPrincicpalName if the Distinguished Name in the System Settings does not contain an organization unit (ou). To retrieve the UPN, add the Distinguished Name as it appears in the System Settings to your query.

Note

If both chart and report filters are selected for the same report, the chart filter will be used instead of the report filter.