nmerchant
Staff
Article Id 194344
Description
This article explains how to configure SCP backup for FortiAnalyzer/FortiManager.

Solution
1) Check that the OpenSSH version on the Linux station is 5.4 or higher.

2) Create a private/public key pair in the current directory. Assuming the user is fortinet, execute the command below under /home/fortinet:
    ssh-keygen -f ca-key
"ca-key" is the private key and "ca-key.pub" is the public key.

3) Set up the SSH server to trust the CA key. Under /home/fortinet, execute:
    echo "cert-authority $(cat ca-key.pub)" >> /home/fortinet/.ssh/authorized_keys

4) Create a user private/public key pair. Under /home/fortinet, execute:
    ssh-keygen -f user-key
"user-key" is the private key and "user-key.pub" is the public key.

5) Sign the user key with the CA key. Under /home/fortinet, execute:
    ssh-keygen -s ca-key -I <key-id> user-key.pub
<key-id> is a "key identity" that is logged by the server when the certificate is used for authentication, for example, "fortinet’s key".
A separate certificate file called user-key-cert.pub will be created.

6) Decrypt the user private key. Under /home/fortinet, execute:
    openssl rsa -in user-key
Copy the output.

7) On the FAZ/FMG, enter the following commands.
# config system certificate ssh
    edit <cert-name>
        set private-key "<copy from the decrypted user key you got in step 6>" <----- Do not forget the quotes (") before and after the text you copy/paste here.
        set certificate "<copy from the content of file user-key-cert.pub>"    <----- Do not forget the quotes (") before and after the text you copy/paste here.
end

8) Test backup from FortiAnalyzer/FortiManager.
# exec backup all-settings scp <scp server ip, i.e. ip address of the linux server used above> <path/filename> <username> <cert-name>
<username> is a user account on the SCP server that trusts the CA key.
<cert-name> is the certificate created on FAZ in step 7 above.

To schedule SCP backups, configure as below:
# config system backup all-settings
    set status enable
    set server <ip address of the linux server above>
    set user <username>
    set directory <backup directory on server>
    set week_days monday tuesday …
    set time <time>
    set protocol scp
    set cert <cert-name>
end
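
Steps 2 to 5, followed by checks worth running on the certificate before it is pasted into the device in step 7, as an added example that is not part of the original article. It works in a scratch directory and writes the trust line to a sample file instead of ~/.ssh/authorized_keys; `-q`, `-N ''`, `-t rsa` and the key identity `faz-backup` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: steps 2-5 in a scratch directory, then checks on the result.
# Assumptions: -q and -N '' keep the run non-interactive, -t rsa matches the
# "openssl rsa" call in step 6, and the key identity is a constructed sample.

# SHA256 fingerprint of a public key file.
key_fp() { ssh-keygen -l -f "$1" | awk '{print $2}'; }

# SHA256 fingerprint of the CA that signed a certificate.
cert_ca_fp() { ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}'; }

# $1 = scratch directory, $2 = key identity passed to -I.
build_cert() (
    cd "$1" || exit 1
    ssh-keygen -q -t rsa -N '' -f ca-key || exit 1                      # step 2
    echo "cert-authority $(cat ca-key.pub)" > authorized_keys.sample   # step 3
    ssh-keygen -q -t rsa -N '' -f user-key || exit 1                    # step 4
    ssh-keygen -q -s ca-key -I "$2" user-key.pub                        # step 5
)

# Succeeds only if the certificate is a user certificate, carries the expected
# key identity, and was signed by the CA that the trust line names.
check_cert() (
    cd "$1" || exit 1
    info=$(ssh-keygen -L -f user-key-cert.pub) || exit 1
    printf '%s\n' "$info" | grep -q 'user certificate' || exit 1
    printf '%s\n' "$info" | grep -qF "Key ID: \"$2\"" || exit 1
    [ "$(cert_ca_fp user-key-cert.pub)" = "$(key_fp ca-key.pub)" ] || exit 1
    # The trust line must carry the same public key as ca-key.pub.
    [ "$(cut -d' ' -f2-3 authorized_keys.sample)" = "$(cut -d' ' -f1-2 ca-key.pub)" ]
)

if command -v ssh-keygen >/dev/null 2>&1; then
    work=$(mktemp -d)
    if build_cert "$work" "faz-backup" && check_cert "$work" "faz-backup"; then
        ssh-keygen -L -f "$work/user-key-cert.pub"   # review before step 7
    fi
    rm -rf "$work"
fi
```

The `ssh-keygen -L` listing also shows the certificate's validity interval and principals, which are worth reviewing before the certificate is used for unattended backups.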
