avizzari
Staff
September 24, 2009

Technical Note : FortiAnalyzer 4.0 MR1 Rolling method


Description
Starting from 4.0 MR1, FortiAnalyzer changed the way logs are "rolled".

Prior to 4.0 MR1, FortiAnalyzer used an incremental decimal numbering method.


From 4.0 MR1, the steps are:

1- The current log (the active one being written) is called tlog.log
2- When it reaches the limit (time or size), FortiAnalyzer rolls it to a name of the form tlog.N.log, where N is the itime of the first line (first log received in the file). The file modification time will match the itime of the last line (last log received in the file).
If a file with that name already exists, N is reduced by one until a free itime is found.
3- Once the active file is rolled into a numbered file, it will not need to be changed.
4- New logs will be stored in the new current log (the one being written) called tlog.log

New file names look like: tlog.1252929496.log

If log uploading is configured, once logs are uploaded to the remote server or downloaded via the GUI, they are in the format below:

FG3K6A3406600001-tlog.1252929496.log-2009-09-14-14-00-14.gz
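
The naming rules above, as an added Python example that is not Fortinet code: it parses an uploaded file name and reproduces the step 2 collision rule. It assumes that itime is Unix epoch seconds and that the leading field is a device identifier; the field names and function names are hypothetical, and the trailing timestamp is kept as an opaque string because the note does not define it.

```python
import re
from datetime import datetime, timezone

# Shape of an uploaded/downloaded file name as shown in the note:
#   <device>-<logtype>.<itime>.log-<YYYY-MM-DD-HH-MM-SS>.gz
# Group names are labels chosen for this example, not Fortinet terms.
UPLOADED = re.compile(
    r"^(?P<device>[^-]+)-(?P<logtype>[a-z]+)\.(?P<itime>\d+)\.log"
    r"-(?P<stamp>\d{4}(?:-\d{2}){5})\.gz$"
)


def parse_uploaded(name):
    """Split an uploaded log file name into its fields."""
    m = UPLOADED.match(name)
    if m is None:
        raise ValueError(f"not a 4.0 MR1 style uploaded log name: {name!r}")
    itime = int(m["itime"])
    return {
        "device": m["device"],
        "logtype": m["logtype"],
        "itime": itime,
        # Assumption: itime is Unix epoch seconds, rendered here in UTC.
        "first_log_utc": datetime.fromtimestamp(itime, tz=timezone.utc),
        "stamp": m["stamp"],  # meaning not stated in the note; left opaque
    }


def rolled_name(first_itime, existing, logtype="tlog"):
    """Name a rolled file per step 2: start at the itime of the first
    line and reduce N by one until no file with that name exists."""
    n = first_itime
    while f"{logtype}.{n}.log" in existing:
        n -= 1
    return f"{logtype}.{n}.log"


if __name__ == "__main__":
    info = parse_uploaded(
        "FG3K6A3406600001-tlog.1252929496.log-2009-09-14-14-00-14.gz"
    )
    print(info["device"], info["itime"], info["first_log_utc"].isoformat())
    # Constructed collision: two rolled files already hold nearby names.
    taken = {"tlog.1252929496.log", "tlog.1252929495.log"}
    print(rolled_name(1252929496, taken))
```

Because of the decrement on collision, N in a file name can be slightly lower than the itime of the first line in that file, so when building a timeline take exact times from the log lines and use the name only for ordering.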