FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Article Id 193765


This article describes how to configure automated backup of the FortiManager/FortiAnalyzer configuration.

For this demonstration FileZilla will be used as FTP server.




All versions of FortiManager and FortiAnalyzer have a CLI option.

In versions 7.4.1 and above, a GUI option is available.


FortiManager/FortiAnalyzer Automatic backup settings can be configured through both the CLI and from GUI as of version 7.4.1.

Maintaining up-to-date system configuration backup is crucial for many environments.
FortiManager and FortiAnalyzer have an option to create this backup automatically using the following settings.

The GUI method.


Go to Dashboard -> System Information (widget) -> System Configuration -> Backup (Icon).





Under Backup System -> Schedule Backup (Tab) toggle the Enable schedule backup. Use the appropriate settings for the environment.




To review the status of the backups, check them under Backup System -> Backup History (Tab).




The CLI method.


  1. Log in to the FortiManager/FortiAnalyzer CLI:


config system backup all-settings
    set status enable
    set server ""       <----- FTP server IP address.
    set user "admin"            <-----  FTP server username.
    set directory "/fmg"
    set week_days monday tuesday wednesday thursday friday saturday sunday
    set time "18:47:00"
    set protocol ftp            <----- Use question mark to see another available protocol option.
    set passwd pass123          <----- FTP server password.


Note: Make sure the CLI directory '/fmg' is set as an FTP directory only. Do not set it with any backup config filename such as backupconfig.dat. Otherwise, the following system event log will be seen when the auto backup failed because the backup config file is not a directory in the FTP server:


FortiManager/FortiAnalyzer system event log:


2022-09-08 08:25:14 log_id=0001010009 type=event subtype=system pri=notice desc="Schedule backup notification" msg="Backup all settings started"
2022-09-08 08:25:14 log_id=0001010060 type=event subtype=system pri=warning desc="Protocol failed" msg="FTP failed: Access denied to remote resource"
2022-09-08 08:25:14 log_id=0001010010 type=event subtype=system pri=warning desc="Schedule backup warning" msg="Backup all settings failed (upload failed)"


Use the following commands to review the current settings and backups that have been created;


get system backup all-settings

get system backup status




FTP Server event log:


(000027)9/8/2022 8:25:14 AM - (not logged in) (> USER ftpuser
(000027)9/8/2022 8:25:14 AM - (not logged in) (> 331 Password required for ftpuser
(000027)9/8/2022 8:25:14 AM - (not logged in) (> PASS ************
(000027)9/8/2022 8:25:14 AM - ftpuser (> 230 Logged on
(000027)9/8/2022 8:25:14 AM - ftpuser (> PWD
(000027)9/8/2022 8:25:14 AM - ftpuser (> 257 "/" is current directory.
(000027)9/8/2022 8:25:14 AM - ftpuser (> CWD /
(000027)9/8/2022 8:25:14 AM - ftpuser (> 250 CWD successful. "/" is current directory.
(000027)9/8/2022 8:25:14 AM - ftpuser (> CWD backupconfig.dat
(000027)9/8/2022 8:25:14 AM - ftpuser (> 550 CWD failed. "/backupconfig.dat": directory not found.
(000027)9/8/2022 8:25:14 AM - ftpuser (> QUIT
(000027)9/8/2022 8:25:14 AM - ftpuser (> 221 Goodbye
(000027)9/8/2022 8:25:14 AM - ftpuser (> disconnected.



Make sure the FTP server is reachable from FortiManager/FortiAnalyzer with the following command:


exe ping x.x.x.x     <- x.x.x.x is the FTP server IP.


  1. FileZilla settings:

    Create a user in FileZilla.

  1. Configured backup file location.

FileZilla logs.
Note: If there are issues related to the FTP server, contact the FTP server team.
FortiManager side troubleshooting.
Run a sniffer and then convert the file to PCAP.
di sniffer packet any "host <FTPSERVERIP> and port 21" 3 0 l
For example:
di sniffer packet any "host and port 21" 3 0 l

Example PCAP output: