Description
This article explains how to forward logs from one FortiAnalyzer (FAZ) to another FortiAnalyzer.
Note: This feature has been deprecated as of FortiAnalyzer v5.6.
Solution
The source FortiAnalyzer must be able to reach the destination FortiAnalyzer on TCP port 3000.
If possible, connect both devices directly through unused interfaces so that the link is dedicated to log forwarding. This saves bandwidth and speeds up the aggregation time.
Here is a basic example of how to enable this option:
1. Configuring client FortiAnalyzer:
config system aggregation-client
    edit 1
        set mode aggregation
        set agg-password <password>    <----- This is the pre-shared key. It must match the setting on the destination
        set agg-time 1    <----- Log aggregation start time. It runs daily and represents the hour of the day
        set server-ip <destination_FAZ_IP>    <----- Specifies where the logs will be forwarded: the destination FAZ IP
        set server-name " "    <----- Optional. Destination FAZ device name
    next
end
2. Configuring the server side:
config system aggregation-service
    set accept-aggregation enable
    set password <password>    <----- This is the pre-shared key. It must match the password set on the source in step 1
end
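The following Python script is an added example, not part of the original article or any Fortinet tool: it compares saved copies of the client and server blocks and reports mismatches that would stop aggregation, such as differing pre-shared keys, without printing the key itself. The sample key and IP address are constructed, and the 0-23 range for agg-time is an assumption based on the article's "hour of the day" description.

```python
import ipaddress
# Constructed sample configs (placeholder values, not from a real device).
CLIENT_CFG = """\
config system aggregation-client
    edit 1
        set mode aggregation
        set agg-password ExamplePSK123
        set agg-time 1
        set server-ip 192.0.2.10
    next
end
"""
SERVER_CFG = """\
config system aggregation-service
    set accept-aggregation enable
    set password ExamplePSK123
end
"""

def parse_settings(text):
    """Collect 'set <key> <value>' lines from one config block into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.split("<-----")[0].split(None, 2)  # drop KB-style annotations
        if len(parts) == 3 and parts[0] == "set":
            settings[parts[1]] = parts[2].strip().strip('"')
    return settings

def check_pair(client_text, server_text):
    """Return a list of problems that would stop aggregation between the pair."""
    client, server = parse_settings(client_text), parse_settings(server_text)
    problems = []
    if client.get("mode") != "aggregation":
        problems.append("client: mode is not 'aggregation'")
    if server.get("accept-aggregation") != "enable":
        problems.append("server: accept-aggregation is not enabled")
    if not client.get("agg-password") or client.get("agg-password") != server.get("password"):
        problems.append("pre-shared key missing or different on the two sides")
    try:
        ipaddress.ip_address(client.get("server-ip", ""))
    except ValueError:
        problems.append("client: server-ip is missing or not an IP address")
    hour = client.get("agg-time", "")
    if not (hour.isdigit() and 0 <= int(hour) <= 23):  # assumption: hour of day, 0-23
        problems.append("client: agg-time is not an hour of the day (0-23)")
    return problems

if __name__ == "__main__":
    print(check_pair(CLIENT_CFG, SERVER_CFG) or "no problems found")
```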