FortiAnalyzer
cborgato_FTNT
Article Id 191178

Description

 
This article describes a procedure for migrating logs between ADOMs on v5.4. The same procedure can be applied to v5.0 and v5.2 ADOM versions.
 
Scope
 
FortiAnalyzer.


Solution

 

This process is useful when device logs need to be reorganized into a different or new ADOM design.

In that case the logs must be migrated from the original ADOM to another (or new) ADOM. This procedure can be applied only between ADOMs of the same version.

Back up the configuration:
The backup can be done from the Web GUI.

Or via the CLI (the settings backup takes no device argument; the argument order is protocol, server, directory, username, password, matching the example below):
 
execute backup all-settings [ftp | scp | sftp | tftp] <server_ipv4> <directory_str> <username_str> <password_str>
 
Example:
 
execute backup all-settings scp 1.2.3.4 /path user1 pwd1

Back up the logs of the specific FortiGate to migrate.

The log backup must be done from the CLI:
 
execute backup logs <devices_str> [ftp | scp | sftp | tftp] <server_ipv4> <username_str> <password_str> <directory_str>

Example:
 
execute backup logs FGVM010000011262 scp 1.2.3.4 user1 pwd1 /home all

Create a new ADOM 5.4 for the FortiGate and move it there. Go to System Settings -> All ADOMs and select 'Create New'.


Add the FortiGate to the new ADOM 5.4 and select 'Ok'.


Check that the FortiGate is now in the new ADOM: go to 'Device Manager' and confirm that the FortiGate is listed under the new ADOM (ADOM_B).

If it does not yet show in the new ADOM, log out, log in again and check once more.

Check the logs in 'Log View'.

Go to 'Log View' and switch between the two ADOMs. At this point the logs are still shown under the old ADOM (ADOM_A) and the new ADOM (ADOM_B) is empty.

Perform the SQL database rebuild from the CLI:
 
execute sql-local rebuild-db

The rebuild process may take a long time (possibly even hours) depending on the size of the database, and a reboot will be required.

Check the logs again in 'Log View'. The logs should now appear under the new ADOM (ADOM_B).
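The following script is an added example (not Fortinet's code) that renders the CLI steps of this procedure in the required order, refuses a plan whose source and destination ADOM versions differ, and gates the destructive rebuild on a backup archive actually being present on the backup server. It assumes the script runs on (or has a mount of) the SCP/SFTP target directory and that the archive written by 'execute backup logs' contains the device serial in its file name; the device serial, ADOM names and server values are the article's sample values.

```python
"""Pre-rebuild checks for migrating FortiGate logs between FortiAnalyzer ADOMs.

Added example, not Fortinet's code. Assumptions: the backup directory is
readable from where this runs, and the log backup archive name contains the
device serial (file naming is an assumption, not documented on the page).
"""
import time
from dataclasses import dataclass
from pathlib import Path
from typing import List


@dataclass
class MigrationPlan:
    device: str        # FortiGate serial as shown in Device Manager
    src_adom: str
    dst_adom: str
    src_version: str   # ADOM version, e.g. "5.4"
    dst_version: str
    server: str        # backup server IPv4
    user: str
    password: str
    directory: str


def render_commands(plan: MigrationPlan) -> List[str]:
    """Return the CLI steps in the order the procedure requires.

    Logs can only be migrated between ADOMs of the same version, so a plan
    that mixes versions is rejected before any command is emitted.
    """
    if plan.src_version != plan.dst_version:
        raise ValueError(f"ADOM versions differ: {plan.src_version} vs {plan.dst_version}")
    if plan.src_adom == plan.dst_adom:
        raise ValueError("source and destination ADOM are the same")
    return [
        # 1. settings backup: protocol, server, directory, user, password
        f"execute backup all-settings scp {plan.server} {plan.directory} {plan.user} {plan.password}",
        # 2. log backup for the device: device, protocol, server, user, password, directory
        f"execute backup logs {plan.device} scp {plan.server} {plan.user} {plan.password} {plan.directory}",
        # 3. only after the device has been moved to the new ADOM in the GUI
        "execute sql-local rebuild-db",
    ]


def backup_present(directory: str, device: str, max_age_s: int = 3600) -> bool:
    """True if a recent, non-empty backup archive for the device exists.

    Run this against the backup target before issuing the rebuild command.
    """
    now = time.time()
    for p in Path(directory).glob(f"*{device}*"):
        st = p.stat()
        if p.is_file() and st.st_size > 0 and now - st.st_mtime <= max_age_s:
            return True
    return False
```

Run render_commands() to get the ordered steps, and call backup_present() on the backup directory; do not issue the rebuild until it returns True.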

 

Related articles:

Technical Note: Missing logs - How to migrate former standalone FortiGate devices to HA Cluster on F...

Technical Note: Missing logs - Manual migration of former standalone FortiGate devices to HA Cluster...

Technical Note: How to move a device from one ADOM to another on the FortiAnalyzer