FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Sabk_FTNT
Staff
Staff
Description

This article describes how to reduce the size of uploaded files.


Sometimes the size of log files uploaded by FortiAnalyzer are much larger than the rollover file size defined in log setting.


Uploaded log file of size 1500KB or above may be seen with settings:

config system log settings
    config rolling-regular
        set file-size 500
        set upload enable
        set when daily
        set directory "/"
        set ip 192.192.192.1
        set log-format csv
        set username "XXX"
    end
end


Solution
The rolling log file size is in native log format, the size of log files can be seen in the GUI in FortiView > Log View > Log Browse.

For uploaded log files, the size vary according to the format selected, for example:
 
-  CSV uncompressed is the format that generate the larger files.
  -  Native format generate smaller files. 

To reduce the size of uploaded files, the gzip compressed format can be selected:
config system log settings
   config rolling-regular

      set upload enable
      set gzip-format enable
   end
This example bellow shows the storage space required for a log file of size 571KB on FortiAnalyzer:

downloaded-file-size.jpg



Contributors