Skip to main content
Pham_Phu_Cuong
Pham_Phu_Cuong
New Member
May 1, 2018
Question

How to stop FortiAnalyzer from receiving

  • May 1, 2018
  • 1 reply
  • 4421 views

Hi guys,

 

I'm wondering if there is a way for me to stop my FAZ (VM) from receiving the logs from other Fortigates, that is without changing the IP address or routing on the FAZ.

 

Basically what I want to do is to stop FAZ and let the FGTs keep the logs for a while , to do the upgrading, then let it resume receiving logs.

 

Anyone have any ideas?

 

Thanks,

Pham Phu Cuong

    1 reply

    Toshi_Esumi
    SuperUser
    Toshi_Esumi
    SuperUser
    May 1, 2018

    I looked through CLI but it doesn't seem to have any convenient command you're looking for. Only option seems to be a routing change, like removing the default after leaving a /32 route for your access to the unit.

    abelio
    SuperUser
    abelio
    SuperUser
    May 2, 2018

    Hi,

    you didn't mention it in your post,  but, assuming your fortigates have disks, you could use 'store-and-upload' logging option.

    Enabling that you also can fine tune upload interval using cli: #config log fortianalyzer setting     set store-and-upload enable     set upload interval {daily|weeky| monthly}

       ......

    end

     

     

     

        
    Terms & ConditionsAccessibility statement