Description
This article describes how to transfer/move archived logs from one FortiAnalyzer to another via Log Fetch.
Scope
FortiAnalyzer.
Solution
Things to take note of:
- Both FortiAnalyzers must be running on the same firmware version.
- The FortiAnalyzer log-fetch role is as follows:
Client: FortiAnalyzer that fetches/receives log.
Server: FortiAnalyzer that sends log.
Configuration Steps:
In this article:
- FortiAnalyzer v7.4.1 is used as an example.
- Log-fetch role and Hostname for both FortiAnalyzers are as follows:
Client: FAZ-A-Client (receive logs).
Server: FAZ-B-Server (send logs).
-
Navigate to FAZ-A-Client -> System Settings -> Advanced -> Log Fetch -> Profiles -> Create New.
For v7.2: the Log Fetch profile can be found under System Settings -> Fetcher Management. - Enter the required details -> select OK.
|
Name |
<Log Fetch profile name> |
|
Server IP |
<FAZ-B-Server IP address> |
|
User |
<FAZ-B-Server username> |
|
Password |
<FAZ-B-Server user credential> |
- Once done, select the profile -> select Request Fetch.
- Proceed to enter all the details -> select Request Fetch.
- Next, navigate to FAZ-B-Server -> System Settings -> Advanced -> Log Fetch -> Sessions -> Create New.
For v7.2: the Log Fetch profile can be found under System Settings > Fetcher Management.
6. Select Review -> review the request details -> proceed to Approve/Reject.
- Once approved, FAZ-B-Server will display the progress bar under Received Request -> Status.
- Once the transfer is completed, FAZ-A-Client will show Done under Fetch Request -> Status.
- To verify the logs, select the correct ADOM and navigate to FAZ-A-Client -> Log View -> Log Browse.
Note: Ensure the device is added in FAZ-A-Client under the device manager, otherwise the archived log file will not be visible.
Related articles:
