jamestiberius
Explorer
June 24, 2016
Question

FortiAnalyzer reports only go back 10 days - log setting?


I was asked to run a user detailed browsing log and web usage report for the last 45 days.

When I run the reports, they only go back 10 days.

I checked the device log settings on the analyzer, and it was set to roll the log file at 200 MB, and I changed that to the maximum of 500.

Under file management nothing is checked to automatically delete.

How can I view how far back my logs go?

Is there someplace else I need to check settings?

 


    Marilia
    New Member
    June 24, 2016

    Verify the Disk Log Quota

    In Device Manager, right-click and select EDIT

    Verify the Disk Log Quota (min. 100MB)

    Mikael_A
    New Member
    June 27, 2016

    Hello!

    You can check the logs @ Log View->Log Browse

    jamestiberius
    Explorer
    June 28, 2016

    Okay, so I have found that I can run the report for any 10 day period, going back more than 45 days, and I can see the report for those 10 days.

    But it appears that if I try to run the report for more than 12 days, it only gives me the last 12 days.

    I have run reports for 15 days, 20 days, 30 days, and each only returns the last 12 days.

    BUT - I can specify the date, make it over 30 days ago, and I have that information in the report, as long as the time period is less than 12 days.

    I have tried running reports for N days, N weeks, custom days, it all works the same.

    Is there a setting I am missing?

    MikePruett
    New Member
    June 28, 2016

    Every issue I have ever run into where logs were only showing for the past x number of days was related to log quota size.

     

    Either that, or someone only kicked on UTM / logging that long ago and before that it was running without it.

    Mikael_A
    New Member
    June 29, 2016

    I've seen issues where FortiAnalyzers with low performance will not give you good reports even if the data is present.

    For example, you have data for periods 1-30 but the report gives you output for say day 3-6, 15, 28-30.

    Really strange and inconsistent results.

    If I restored the logs in a VM, the report generated OK.

     

    You could try to set up a free VM and try a restore there.

    AtiT
    New Member
    June 29, 2016

    The same issue as Mikael.A described above.

    We are using approx. 80 ADOMs. We sometimes had a problem, mainly with the webfilter log, where no result was generated or only for some days, but only under some ADOMs. When I backed up the logs for the specific ADOM to FTP and uploaded them back, the report was OK.

    Probably corrupted database? (version was 5.0.10)

    Now we are on 5.2.7 (1 month) and it is OK. We will see.