FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
danielzhong
Staff
Staff
Article Id 367015
Description This article describes how to enable the upload of Logs and Reports to the FTP server in FortiAnalyzer. 
Scope FortiAnalyzer.
Solution

In FortiAnalyzer, except for using the following commands to backup Logs and Reports to the FTP server, there are other options that can be enabled to upload Logs and Reports to the FTP server.

 

CLI commands to backup Logs and Reports:

  • To back up both logs and associated DLP archive files:

 

execute backup logs <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory> 

 

  • To back up logs only:

 

execute backup logs-only <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory> 

 

  • To Backup Reports:


   execute backup reports <report name or all> <ftp/sftp/scp> <ip> <user name> <password> <directory>


Another option to enable upload logs to the FTP server:

On FortiAnalyzer GUI, go under System settings -> Advanced -> Device Log Settings and enable the 'upload logs using a standard file transfer protocol' option.

 

upload_device_log_to_FAZ.png


Enable upload reports to the FTP server:
Create an Output Profile under the FortiAnalyzer GUI -> Reports -> Advanced -> Output Profile, and enable 'Upload Report to Server'.

  output_profile.png

 

On the report settings, enable 'Enable Notification' and select the Output Profile with the enabled 'Upload Report to Server' option.

 

Report_settings.png

 

Troubleshooting:

Following CLI commands can be run before starting back up to the FTP/SFTP server:

 

   diag debug app curl -1

   diag debug enable

 

Related documents:

Technical Tip: Backup and restore of FortiAnalyzer settings, logs and reports

Configuring rolling and uploading of logs using the GUI

Creating output profiles