Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
awasfi_FTNT
Staff
Staff

Created on ‎10-14-2015 05:11 AM

Article Id 191787

Technical Note: Converting timestamps in FortiAnalyzer log file name

Description
This article describes how to convert timestamps in FortiAnalyzer log file names.

When uploading log files to a FTP server, a FortiAnalyzer will use the following format for the filename:
<FGT_SN>-<type>log.<itime>-<date>.gz
Where:
<FGT_SN> FortiGate serial number.
<type>   Log type.  For example: tlog for traffic logs, elog for event logs.
<itime>  Internal time of the first log in the file.
<date>   Date and time of last log entry in the file.
The internal time is expressed using epoch time (also known as Unix time).

Solution
FortiAnalyzer uses epoch date/time format which is not readable.  For example:
FGT60D4614079321.tlog.1444563489.log
The log files can be renamed in a user friendly format by setting log-file-archive-name option under system log settings to Extended instead of its default value basic:
# config system log settings
(settings)# set log-file-archive-name extended
(settings)# end
The file on FTP server will then be named as:
FGT60D4614079321.2015-12-10-11:38:09.tlog.1444563489.log
A number of online epoch convertors are available and can be used to read epoch format timestamps.  For example: http://www.epochconverter.com/

5049
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.