Description
This article describes how to export rolled log files in readable format (text/CSV) from FortiAnalyzer.
Scope
FortiAnalyzer.
Solution
1) By default, rolled log files that are configured to be exported to an external server are written in 'native' format. Rolled log files in native format are not fully readable, as the sample log content below shows.
ìÏÌA
¾[1]c‚8qFGVM010000108296FGT-XXXroot[1] ñdate=2022-11-27 time=00:01:53 event ð1669478512747728963 tz="+0800" logid="00010 ò4" type="traffic" sub ð"local" level="notice" vd="root" srcip=1XXX.XXX.XXX.XXX port=20030
Hintf/ ðntfrole="undefined" dstG ÐXXX.XXX.XXX.XXX J 0443
[1]H 11 I ó srccountry="Reserv_ ñCanada" sessionid=1409509 proto=6 action="> ð r-rst" policyid=0 ðice="HTTPS" trandispuop" app AduraM ñ21 sentbyte=3052 rcvd
2990 apkt=16
2) To change the format of the exported rolled log files, use the following commands to set it to either 'text' or 'csv'.
config system log settings
    config rolling-regular
        set log-format <text/csv>
    end
end
3) Once the log settings are updated, the exported rolled log files will be in a readable format. Below is an example of rolled log file content exported in “text” format.
logver=0702021255 idseq=271780496587882496 itime=1669478515 devid="FGVM01000010XXXX" devname="FGT-XXX" vd="root" date=2022-11-27 time=00:01:53 eventtime=1669478512747728963 tz="+0800" logid="0001000014" type="traffic" subtype="local" level="notice" srcip= XXX.XXX.XXX.XXX srcport=20030 srcintf="root" srcintfrole="undefined" dstip=XXX.XXX.XXX.XXX dstport=443 dstintf="port1" dstintfrole="undefined" srccountry="Reserved" dstcountry="Canada" sessionid=1409509 proto=6 action="server-rst" policyid=0 service="HTTPS" trandisp="noop" app="HTTPS" duration=21 sentbyte=3052 rcvdbyte=9901 sentpkt=16 rcvdpkt=17 appcat="unscanned"
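The following Python example is added here and is not Fortinet code: it parses text-format lines like the one above into fields and rejects lines that are not clean key=value text, which is a quick way to confirm that an exported file is no longer in native format. The sample byte strings, the function names and the list of required fields are assumptions made for illustration.

```python
import re

# key=value tokens: the value is double-quoted (may hold spaces) or a bare word.
_PAIR = re.compile(r'(?<!\S)([A-Za-z_][\w-]*)=(?:"([^"]*)"|(\S*))')
# Sanity-check fields, taken from the article's text-format sample.
REQUIRED = ("date", "time", "logid", "type")

# Constructed samples: modelled on the article's lines, documentation IPs.
TEXT_SAMPLE = (b'logver=0702021255 devid="FGVM01000010XXXX" devname="FGT-XXX" '
               b'vd="root" date=2022-11-27 time=00:01:53 logid="0001000014" '
               b'type="traffic" subtype="local" srcip=192.0.2.10 srcport=20030 '
               b'dstip=198.51.100.20 dstport=443 action="server-rst" '
               b'service="HTTPS" sentbyte=3052 rcvdbyte=9901')
NATIVE_SAMPLE = b'\xec\xcf\xccA\xbe\x01c\x828q \xf1date=2022-11-27 time=00:01:53 event \xf0'

def parse_text_log_line(raw: bytes) -> dict:
    """Parse one text-format line into a dict; raise ValueError otherwise."""
    try:
        line = raw.decode("utf-8").strip()
    except UnicodeDecodeError as exc:
        raise ValueError("not UTF-8 text; possibly still native format") from exc
    if any(ord(c) < 0x20 and c != "\t" for c in line):
        raise ValueError("control bytes in line; possibly still native format")
    fields = {}
    for m in _PAIR.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        raise ValueError(f"missing expected fields: {missing}")
    return fields

def check_export(lines):
    """Return (parsed records, rejected line numbers) for an exported file."""
    ok, bad = [], []
    for n, raw in enumerate(lines, 1):
        if not raw.strip():
            continue  # ignore blank lines
        try:
            ok.append(parse_text_log_line(raw))
        except ValueError:
            bad.append(n)
    return ok, bad

if __name__ == "__main__":
    records, rejected = check_export([TEXT_SAMPLE, NATIVE_SAMPLE])
    print(records[0]["srcip"], records[0]["action"], "rejected lines:", rejected)
```

Any rejected line numbers after the format change indicate a file that was rolled before the setting took effect or was altered in transit.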
Copyright 2024 Fortinet, Inc. All Rights Reserved.