Skip to main content
dossal1905
dossal1905
New Member
March 12, 2026
Question

FortiAnalyzer Change Interim log interval for long-live session

  • March 12, 2026
  • 2 replies
  • 199 views

Hi everyone, 

 

I'm having an issue where I'm going over my daily limit for FortiAnalyzer  logs and I'm looking into ways to minimize them without impacting visibility too much. I've already enabled reliable logging and I really don't want to entirely stop taking in interim logs for ongoing sessions. My thinking is that I can increase the interval from the default 2 minutes to make some impact on the amount of logs taken in daily while still providing visibilty

 

If this is not possible, my next strategy would be to set the compression of logs to happen immediately instead of after the default 7 days with this command: 

config system sql

    set compress-table-min-age <days>

end

However, I would like to know if there would be any impact besides a small delay on alerts or reports, or higher use of VM resources.

 

Thanks in advance for any assistance.

2 replies

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
March 15, 2026

Hello dossal1905, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

Jean-Philippe - Fortinet Community Team
funkylicious
SuperUser
funkylicious
SuperUser
March 15, 2026

for FAZ log daily limit you should read about it, https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-Minimizing-logging-from-FortiGate-to-FortiAnalyzer/ta-p/198018?externalID=FD36099 

"jack of all trades, master of none"
Terms & ConditionsAccessibility statement