jasonhong
Staff & Editor
November 30, 2022

Technical Tip: How to check FortiAnalyzer log rate


Description

 

This article describes how to check the log receiving rate in FortiAnalyzer.

 

Scope

 

FortiAnalyzer.

 

Solution

 

  1. Check the log rate by using the following command.

 

diagnose fortilogd lograte

 

FAZ# diagnose fortilogd lograte

last 5 seconds: 0.2, last 30 seconds: 0.7, last 60 seconds: 17.7

 

  2. Check the log rate by each ADOM using the following command.

 

diagnose fortilogd lograte-adom <adom_name>

 

FAZ# diagnose fortilogd lograte-adom root

                                        Logs Per Second

               Adom Name       Last 5sec      Last 30sec      Last 60sec

--------------------------------------------------------------------------

                    root            0.40            0.23            0.17

 

  3. Check the log rate by each logging device using the following command.

 

diagnose fortilogd lograte-device <device_name>

 

FAZ# diagnose fortilogd lograte-device FGVM010000108xxx

Logs per second

Totals                    Last Hour       Day      Week

-------------------------------------------------------

        FGVM010000108xxx:      1.07      0.23      0.11

 

  4. Check the log rate by total using the following command.

     

diagnose fortilogd lograte-total

 

FAZ# diagnose fortilogd lograte-total

Logs per second

Totals                    Last Hour       Day      Week

-------------------------------------------------------

                        :      1.53      0.33      0.16

 

Note: The following command shows the Device ID, not the actual serial number that could help identify the device.


FAZ# diagnose fortilogd lograte-device 

 

Example:

 

FAZ# diagnose fortilogd lograte-device 

Logs per second

Totals                    Last Hour       Day      Week

-------------------------------------------------------

        FGVM010000108xxx:          1.07      0.23      0.11
        FGHA00xxxxxxxxx1_CID:      35.74     32.73    32.43
        FGHA00xxxxxxxxx2_CID:      1.69      1.64      1.67

 

The following command can then be used to get the actual device details:

 

diagnose log device

 

FAZ# diagnose log device FGHA00xxxxxxxxx1_CID


Filter Device String: FGHA00xxxxxxxxx1_CID
Device Name          Device ID              Used Space(logs / quarantine / content / IPS)   Allocated Space   Used%
EMEA-LAB_HA_FG100F   FGHA00xxxxxxxxx1_CID   11.6GB( 11.6GB/ 0.0KB/ 0.0KB/ 0.0KB)            unlimited         n/a
|- HA cluster member: FG100FTK0XXXXX
|- HA cluster member: FG100FTK0XXXXX
Matched devices number: 1
Total: 1 log devices, used=11.6GB quota=unlimited
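
Added example, not part of the original article and not Fortinet code: a Python sketch that parses captured `diagnose fortilogd lograte-device` output, flags devices whose last-hour rate differs sharply from their weekly average (a sudden drop can mean a device has stopped logging), and lists the `_CID` IDs that still need `diagnose log device` to identify the real unit. The sample text is constructed from the masked output above; the function names and the factor-of-3 threshold are assumptions.

```python
import re

# Constructed sample: output of "diagnose fortilogd lograte-device" in the
# layout shown above (device IDs are the masked ones from this article).
SAMPLE = """\
Logs per second
Totals                    Last Hour       Day      Week
-------------------------------------------------------
        FGVM010000108xxx:          1.07      0.23      0.11
        FGHA00xxxxxxxxx1_CID:      35.74     32.73    32.43
        FGHA00xxxxxxxxx2_CID:      1.69      1.64      1.67
"""

# "<device id>: <hour> <day> <week>"; the ID is empty in lograte-total output.
ROW = re.compile(r"^\s*(\S*?):\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")


def parse_lograte(text):
    """Return one dict per device row, ignoring header and separator lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            hour, day, week = (float(v) for v in m.group(2, 3, 4))
            rows.append({"id": m.group(1) or "(total)",
                         "hour": hour, "day": day, "week": week})
    return rows


def review(rows, ratio=3.0):
    """Flag rows whose last-hour rate differs from the weekly average by more
    than `ratio` in either direction (assumed threshold), and collect *_CID
    IDs (as in the article's example) that need "diagnose log device <id>"."""
    spikes, drops, lookups = [], [], []
    for r in rows:
        if r["week"] > 0 and r["hour"] > r["week"] * ratio:
            spikes.append(r["id"])
        elif r["hour"] * ratio < r["week"]:
            drops.append(r["id"])
        if r["id"].endswith("_CID"):
            lookups.append(r["id"])
    return {"spikes": spikes, "drops": drops, "lookups": lookups}


if __name__ == "__main__":
    rows = parse_lograte(SAMPLE)
    for r in sorted(rows, key=lambda r: r["hour"], reverse=True):
        print(f'{r["id"]:<24}{r["hour"]:>8.2f}{r["day"]:>8.2f}{r["week"]:>8.2f}')
    print(review(rows))
```
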

 

Related documents:

fortilogd