FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Article Id 289810
Description

This article describes how to configure and troubleshoot the store-and-upload option for sending logs to FortiAnalyzer.

Scope

FortiAnalyzer and FortiGate.
Solution
  1. To use the store-and-upload option when sending logs to FortiAnalyzer, the FortiGate must be equipped with a hard disk. Logs are stored on the disk and then sent to FortiAnalyzer during the desired period. Verify that a log hard disk is available:

 

FGT # get system status

……

Log hard disk: Available

…..

 

  2. Configure the following FortiAnalyzer logging settings in the FortiGate CLI. With the default store-and-upload setting, the logs are sent daily at the specified upload time:

 

FGT # config log fortianalyzer setting

FGT #     set status enable

FGT #     set server <FortiAnalyzer IP>

FGT #     set serial <FortiAnalyzer Serial Number>

FGT #     set upload-option store-and-upload

FGT #     set upload-time 13:30               <----- Specified in <hh:mm>.

FGT # end

 

  3. Note that the FortiGate logs need to be rolled first before being uploaded to FortiAnalyzer. Hence, it is recommended to configure log rolling before the specified upload time.

 

FGT # config log disk setting

FGT #     set status enable

FGT #     set roll-time 13:27

FGT # end

 

  4. Once this is successful, it is possible to verify on the FortiAnalyzer side that the Logging Mode has changed to 'Store And Upload'.

 

[Image: FAZ Store And Upload.png]

 

  5. The following debug commands can be run on the FortiGate to verify whether the logs are being uploaded to FortiAnalyzer at the specified upload time.

 

FGT # diagnose debug application uploadd -1

FGT # diagnose debug enable
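
The settings from the steps above can also be checked offline against a saved configuration. The following is an added example, not Fortinet code: it assumes the input is `show full-configuration` style text (so every value is explicit), and the sample configuration and the function names are constructed for illustration.

```python
import re
# Constructed sample in `show full-configuration` style (values are made up).
SAMPLE = """\
config log disk setting
    set status enable
    set roll-time 13:27
end
config log fortianalyzer setting
    set status enable
    set upload-option store-and-upload
    set upload-time 13:30
end
"""

def parse_blocks(text):
    """Map each top-level 'config ... end' block to its {key: value} settings."""
    blocks, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                current = blocks.setdefault(line[len("config "):], {})
        elif line == "end":
            depth = max(depth - 1, 0)
        elif line.startswith("set ") and depth == 1:
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return blocks

def minutes(hhmm):
    m = re.fullmatch(r"(\d{1,2}):(\d{2})", hhmm or "")
    return int(m.group(1)) * 60 + int(m.group(2)) if m else None

def audit(text):
    """Return a list of findings; an empty list means the settings line up."""
    b = parse_blocks(text)
    faz, disk = b.get("log fortianalyzer setting", {}), b.get("log disk setting", {})
    checks = [(faz.get("status") == "enable", "FortiAnalyzer logging is not enabled"),
              (faz.get("upload-option") == "store-and-upload", "upload-option is not store-and-upload"),
              (disk.get("status") == "enable", "disk logging is not enabled")]
    findings = [msg for ok, msg in checks if not ok]
    up, roll = minutes(faz.get("upload-time")), minutes(disk.get("roll-time"))
    if up is None or roll is None:
        findings.append("upload-time or roll-time is missing")
    elif roll >= up:  # same-day comparison; a roll just before midnight is not handled
        findings.append("roll-time is not before upload-time")
    return findings
```

Calling `audit()` on the saved configuration text returns an empty list when the roll time precedes the upload time and the other settings match the steps above.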
