FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Article Id 193765


This article describes how to configure automated backup of the FortiManager/FortiAnalyzer configuration.

For this demonstration FileZilla will be used as FTP server.


FortiManager/FortiAnalyzer Automatic backup setting can be done only from CLI only.

1) Login to FortiManager/FortiAnalyzer CLI:

# config system backup all-settings
    set status enable
    set server ""       <----- FTP server IP address
    set user "admin"            <-----  FTP server username
    set directory "/fmg"
    set week_days monday tuesday wednesday thursday friday saturday sunday
    set time "18:47:00"
    set protocol ftp            <----- Use question mark to see another available protocol option.
    set passwd pass123          <----- FTP server password


Make sure the CLI set directory '/fmg' is set to FTP directory only, do not set with any backup config filename e.g. backupconfig.dat. Else, you will see the following system event log when the auto backup failed as the backup config file is not a directory in the FTP server. 


FortiManager/FortiAnalyzer system event log:

2022-09-08 08:25:14 log_id=0001010009 type=event subtype=system pri=notice desc="Schedule backup notification" msg="Backup all settings started"
2022-09-08 08:25:14 log_id=0001010060 type=event subtype=system pri=warning desc="Protocol failed" msg="FTP failed: Access denied to remote resource"
2022-09-08 08:25:14 log_id=0001010010 type=event subtype=system pri=warning desc="Schedule backup warning" msg="Backup all settings failed (upload failed)"


FTP Server event log:


(000027)9/8/2022 8:25:14 AM - (not logged in) (> USER ftpuser
(000027)9/8/2022 8:25:14 AM - (not logged in) (> 331 Password required for ftpuser
(000027)9/8/2022 8:25:14 AM - (not logged in) (> PASS ************
(000027)9/8/2022 8:25:14 AM - ftpuser (> 230 Logged on
(000027)9/8/2022 8:25:14 AM - ftpuser (> PWD
(000027)9/8/2022 8:25:14 AM - ftpuser (> 257 "/" is current directory.
(000027)9/8/2022 8:25:14 AM - ftpuser (> CWD /
(000027)9/8/2022 8:25:14 AM - ftpuser (> 250 CWD successful. "/" is current directory.
(000027)9/8/2022 8:25:14 AM - ftpuser (> CWD backupconfig.dat
(000027)9/8/2022 8:25:14 AM - ftpuser (> 550 CWD failed. "/backupconfig.dat": directory not found.
(000027)9/8/2022 8:25:14 AM - ftpuser (> QUIT
(000027)9/8/2022 8:25:14 AM - ftpuser (> 221 Goodbye
(000027)9/8/2022 8:25:14 AM - ftpuser (> disconnected.



Make sure FTP server is reachable from FortiManager/FortiAnalyzer, use below command:

# exe ping x.x.x.x              <----- x.x.x.x is FTP server IP.

2) FileZilla setting:

Create user in FileZilla.

3) Configured backup file location.

FileZilla logs.

If there is issue Related to FTP server, contact the FTP server team.
FortiManager side troubleshooting.
Run sniffer and then convert the file in PCAP.
# di sniffer packet any "host <FTPSERVERIP> and port 21" 3 0 l
# di sniffer packet any "host and port 21" 3 0 l
PCAP sample output as below.