Skip to main content
adem_netsys
adem_netsys
Explorer III
September 29, 2024
Question

Enterprise to Service Provider

  • September 29, 2024
  • 2 replies
  • 854 views

Hi,

We have a SIEM that we currently use as Enterprise. If we archive all the logs here on NFS and want to reinstall the product as a service provider, will we have a chance to see the old logs we archived? Does anyone have any idea?

    2 replies

    premchanderr
    Staff & Editor
    premchanderr
    Staff & Editor
    September 30, 2024

    Hi @adem_netsys ,

     

    Please note that backup the current data and restore it once you had provisioned the new FortiSIEM on Service Provider is not an option since directories and databases change from one type to another by design. There is no official document and support for this. 

    Archive should be fresh disk, cannot Test and save a disk with data.  At your own risk you can test by copying old data to online storage and then move to archive manually.  

    Secusaurus
    Secusaurus
    Contributor III
    September 30, 2024

    Hello @adem_netsys,

     

    In my experience, every time I do major changes to the database setup (ip address, storage system, moving databases, etc.), the system has some issues in the rules and incidents.

    Therefore, I would highly recommend not to transfer the data - and, btw, consider moving to ClickHouse in this step as well.

     

    Best,

    Christian

    NSE8 | Fortinet Advanced MSSP Partner
      Terms & ConditionsAccessibility statement