ryeh028
New Member
April 21, 2022
Solved

FortiAnalyzer 7 analytic data


We recently conducted an internal penetration test, and the testing machine generated 20 times more messages on our analyzer. I have already deleted log files; however, is there a way to delete the messages generated by that PEN test machine from the analytic database? Thanks!

Best answer by Debbie_FTNT


Debbie_FTNT
Staff & Editor
April 22, 2022

Hey ryeh028,

there is no way to delete entries from the analytic database directly.

The only way to remove those log messages is to first delete them from archive logs, and then rebuild the database:

-> this will discard the current database with the logs in question

-> the new database will be rebuilt based on archive logs (where the logs in question were already removed)

-> the new database should not contain the logs in question

KB on rebuilding a database: https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-FortiAnalyzer-SQL-database-delete-and-rebuild/ta-p/193883

ryeh028 (Author)
New Member
April 22, 2022

Thank you!

Randy