Thanks for the response.

I've tried this on FortiAnalyzer 5.2 and this doesn't work, it's needed that the FortiGate that generated the logs, is actually registered on FAZ.

I'm talking about having a dedicated FAZ to reporting (no a single FGT registered), and eventually pulling random logs from an external storage device.

Could you please attach a small sample log that you were tring to import to the FAZ 5.2?

https://dl.dropboxusercontent.com/u/14535641/FGTADOM3_tlog_from_2015-12-16_18_44_44_to_2016-01-15_18_44_44.log_at_1452912305.log.gz

Tks !

I was able to import your log file on my FAZ-VM that is running 5.4 interim build - see attached screenshots for details. You need to take the following steps:

• Add the FGT device: FGVM020000037670  in Device Manager of the FAZ (you can give a bogus IP but the SN needs to be true)
• Go to Log View to import the log file under the this device name from the import diaglog

I am trying to pull the local disk logs from a 3000D to a FAZ VM, both are 5.4.1 and I am getting an internal error on the import. Is there anyway to do this? I have a PoC where the partner did not install a FAZ and the customer wants some really nice reports. It's only 3 days of data but 300-400 Mbps customer environment so should be decent amount of data.

I also get " internal error" message in 5.4.2 build 1151 when I upload the log from other FAZ 

I just create a new FAZ from device manager , enter the correct SN but it can't import the log

is it anything wrong ?

Hi Jason

I got the same result as you, if I use the following settings for downloading logs:

Log file format = Native
Compress With gzip "check"

As a workaround:

Keep log file format as “Native” and uncheck "Compress With gzip", this worked for me. I'll open a Mantis as it seems there is a problem with “gzip”.

Many thanks, Roland

Hi Roland

It solved my problem...

Thanks for your advice and support :)

Jason