Technical Note: Adding FortiGate cluster with VDOM's to FortiAnalyzer
Description
Solution
When adding a FortiGate cluster to FortiAnalyzer it is important to enable the HA Cluster option. The master will be in the first position, then select to add another device.
This article describes how to add FortiGate cluster with VDOM's to FortiAnalyzer.
Solution
When adding a FortiGate cluster to FortiAnalyzer it is important to enable the HA Cluster option. The master will be in the first position, then select to add another device.
If both devices are added separately, logs will be actively received from both devices and the ADOM quota will fill up quickly. It is only necessary to receive logs from the Master.
If the FortiGate cluster has VDOM's enabled, these VDOMs will appear in Device Manager as logs are received by the FortiAnalyzer for each VDOM.
To speed up the appearance of the VDOMs in device manage on the FortiAnalyzer, it is possible to issue a command to force the FortiGate to send some test logs from each VDOM:
#config vdomAll VDOM's should then be seen listed in Device Manager.
#edit xxxx
#diagnose log test