sreddi
Staff
October 31, 2019

Technical Tip: Sending Logs from FortiGate to Multiple FortiAnalyzers


 

Description

This article describes how to configure FortiGate to send logs to multiple FortiAnalyzers and verify the connectivity between them.

Scope

FortiAnalyzer/FortiGate.

Solution

  1. It is possible to have FortiGate send logs to 3 different FortiAnalyzers.
  2. Only the first FortiAnalyzer can be added via the GUI under Security Fabric -> Fabric Connector -> FortiAnalyzer Logging.

 


 
  3. The IP addresses and serial numbers of the other 2 FortiAnalyzers can only be added using the CLI:

 

config log fortianalyzer2 setting
    set status enable
    set server x.x.x.x
    set serial FAZ-VMYYYYYYY
    set upload-option <realtime/1-minute/5-minute>
end

config log fortianalyzer3 setting
    set status enable
    set server x.x.x.x
    set serial FAZ-VMYYYYYYY
    set upload-option <realtime/1-minute/5-minute>
end

 

  4. Log in to each FortiAnalyzer and authorize the FortiGate.

 

  5. Run the following commands to test connectivity and verify that logs are sent to all 3 FortiAnalyzers. Also verify the FortiAnalyzer host name and serial number.

 

execute log fortianalyzer test-connectivity      <----- Test 1st FortiAnalyzer.
execute log fortianalyzer test-connectivity 2    <----- Test 2nd FortiAnalyzer.
execute log fortianalyzer test-connectivity 3    <----- Test 3rd FortiAnalyzer.

 

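To confirm offline that a FortiGate configuration backup defines all three log destinations from the steps above, the settings blocks can be parsed and checked for an enabled status, a server, a serial number, and distinct servers. This is an added example, not Fortinet code or part of the original article; it assumes the first FortiAnalyzer is stored as an un-numbered `config log fortianalyzer setting` block and that values may be quoted, and the sample backup with its address and serial is constructed.

```python
import re

HEADER = re.compile(r"^config log fortianalyzer([23]?) setting$")  # slot 1 has no number (assumed)

# Constructed sample backup: documentation-range IP, placeholder serial number.
SAMPLE = """\
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
    set serial "FAZ-VM0000000001"
    set upload-option realtime
end
config log fortianalyzer2 setting
    set status enable
    set server "192.0.2.10"
end
"""

def parse_faz_settings(text):
    """Return {slot: {key: value}} for every FortiAnalyzer log setting block."""
    slots, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = HEADER.match(line)
        if match:
            current = slots.setdefault(int(match.group(1) or 1), {})
        elif line == "end":
            current = None
        elif current is not None and line.startswith("set "):
            _, key, *value = line.split(None, 2)
            current[key] = value[0].strip('"') if value else ""
    return slots

def audit(text):
    """List gaps that would keep logs from reaching three distinct FortiAnalyzers."""
    slots, findings = parse_faz_settings(text), []
    for slot in (1, 2, 3):
        cfg = slots.get(slot)
        if cfg is None:
            findings.append(f"slot {slot}: no setting block")
            continue
        if cfg.get("status") != "enable":
            findings.append(f"slot {slot}: status is not enable")
        findings += [f"slot {slot}: {k} not set" for k in ("server", "serial") if not cfg.get(k)]
    servers = [c["server"] for c in slots.values() if c.get("server")]
    if len(servers) != len(set(servers)):
        findings.append("same server address used in more than one slot")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all three FortiAnalyzer slots look complete")
```

An empty result only shows the configuration is complete; the `test-connectivity` commands above are still needed to confirm each FortiAnalyzer is reachable and has authorized the FortiGate.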

 

Related article:
Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity