Technical Note: How to move FortiGate HA cluster logs from one FortiAnalyzer to another
Description
Solution
This article explains how to move the logs from one FortiAnalyzer to another in the scenario where a FortiGate HA cluster is logging to a FortiAnalyzer.
Solution
The FortiAnalyzer will have generated a virtual serial number for the cluster. The following steps will allow logs to be moved from the FortiAnalyzer to another one:
1. Backup the logs from the old FortiAnalyzer.
2. Make sure that the HA cluster has been added to the new FortiAnalyzer. Find the new virtual serial number for the cluster with the command:
4. Import the renamed log files to the new FortiAnalyzer.
1. Backup the logs from the old FortiAnalyzer.
2. Make sure that the HA cluster has been added to the new FortiAnalyzer. Find the new virtual serial number for the cluster with the command:
diag dvm device list3. Rename the backed-up log files so that they use the new virtual cluster serial number.
4. Import the renamed log files to the new FortiAnalyzer.