Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAnalyzer 7.0.3 Administration Guide
    7.0.3
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.5
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.13
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.0
    4.2.0
    4.1.0
    4.0.0

    Adding pre-filters to event handlers

    Adding pre-filters to event handlers

    Pre-filters can be configured for all the available log fields in event handlers. Each event handler can have multiple pre-filters.

    The pre-filters are applied before every regular filter in the event handler. This means the pre-filter criteria does not need to be added individually within each regular filter.

    To create a pre-filter:
    1. Go to FortiSoC > Handlers > Event Handler List.
    2. Select the checkbox for an existing event handler, and click Edit.

      You can also add pre-filters when creating a new event handler.

    3. In the Pre-filters area, click Add Pre-Filter.

      The Pre-filter dialog opens.

    4. Configure the pre-filter.

      Name

      Enter a name for the pre-filter.

      Log Device Type

      Select the device type from the dropdown.

      Log Type

      Select a log type from the dropdown. The log types will vary depending on the device type.

      Log Subtype

      Select a log subtype from the dropdown. The log subtype is not available for all devices types.

      Logs Match

      Select All or Any of the following conditions.

      Log Field

      Select a log field from the dropdown.

      		Match Criteria

      Select an operator from the dropdown.

      Value

      Select the event type from the dropdown.

    5. To insert another pre-filter condition in the list, click the add icon (+).

      If you need to delete a pre-filter condition, click the delete icon next to the condition.

    6. (Optional) In the Generic Text Filter field enter the filter string.

      For more information, see Using the Generic Text Filter in an event handler.

    7. To save the pre-filter, click OK.

      The Pre-filter dialog closes.

    8. To insert another pre-filter, click the add icon (+) in the Pre-filters area.
    Previous
    Next

    Adding pre-filters to event handlers

    Adding pre-filters to event handlers

    Pre-filters can be configured for all the available log fields in event handlers. Each event handler can have multiple pre-filters.

    The pre-filters are applied before every regular filter in the event handler. This means the pre-filter criteria does not need to be added individually within each regular filter.

    To create a pre-filter:
    1. Go to FortiSoC > Handlers > Event Handler List.
    2. Select the checkbox for an existing event handler, and click Edit.

      You can also add pre-filters when creating a new event handler.

    3. In the Pre-filters area, click Add Pre-Filter.

      The Pre-filter dialog opens.

    4. Configure the pre-filter.

      Name

      Enter a name for the pre-filter.

      Log Device Type

      Select the device type from the dropdown.

      Log Type

      Select a log type from the dropdown. The log types will vary depending on the device type.

      Log Subtype

      Select a log subtype from the dropdown. The log subtype is not available for all devices types.

      Logs Match

      Select All or Any of the following conditions.

      Log Field

      Select a log field from the dropdown.

      		Match Criteria

      Select an operator from the dropdown.

      Value

      Select the event type from the dropdown.

    5. To insert another pre-filter condition in the list, click the add icon (+).

      If you need to delete a pre-filter condition, click the delete icon next to the condition.

    6. (Optional) In the Generic Text Filter field enter the filter string.

      For more information, see Using the Generic Text Filter in an event handler.

    7. To save the pre-filter, click OK.

      The Pre-filter dialog closes.

    8. To insert another pre-filter, click the add icon (+) in the Pre-filters area.
    Previous
    Next