Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Sabk_FTNT
Staff
Staff

Created on ‎11-07-2016 06:50 AM Edited on ‎11-11-2024 06:29 AM By Moderator

Article Id 191233

Technical Note: FortiAnalyzer logfile size and rolling

Description

 

This article describes how to reduce the size of uploaded files.


Sometimes, the size of log files uploaded by FortiAnalyzer is much larger than the rollover file size defined in log settings.

An uploaded log file of size 1500KB or above may be seen with these settings:

 

config system log settings
    config rolling-regular
        set file-size 500
        set upload enable
        set when daily
        set directory "/"
        set ip 192.192.192.1
        set log-format csv
        set username "XXX"
    end
end



Solution

 

The rolling log file size is in a native log format, and the size of log files can be seen in the GUI in FortiView -> Log View -> Log Browse.

For uploaded log files, the size varies according to the format selected. For example:
  • CSV uncompressed is the format that generate the larger files.
  • Native format generates smaller files. 
 
To reduce the size of uploaded files, the gzip compressed format can be selected:
 
config system log settings
   config rolling-regular
      set upload enable
      set gzip-format enable
   end
 
The example below shows the storage space required for a log file of size 571KB on FortiAnalyzer:

downloaded-file-size.jpg
3445
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.