Description
This article provides basic information on why the log files sent to an FTP server contain unreadable parts when viewed in a standard text editor such as Notepad, and what is the way to change this for future auto-backups.
Scope
FortiAnalyzer.
Solution
When the backup configuration is created via GUI, by default the log format is 'native' (LZ4 compressed binary) because this backup is intended to be restored back to a FortiAnalyzer, in the case of a malfunction and loss of data.
More options are available in the CLI, where the log-format can be changed to a human-readable 'text' or 'CSV':
config system log settings
config rolling-regular
set upload enable
set when daily
set directory "/FAZ/LOG-BACKUP"
set log-format text <----------- {native|text|csv}
set rolling-upgrade-status 1
set server "10.10.10.10"
set username "FiTPi"
config rolling-regular
set upload enable
set when daily
set directory "/FAZ/LOG-BACKUP"
set log-format text <----------- {native|text|csv}
set rolling-upgrade-status 1
set server "10.10.10.10"
set username "FiTPi"
set password **********
end
end
end
end
Note:
This only applies to the logs sent to the backup server after changing the configuration.
The logs stored on the FortiAnalyzer disk, are still kept in 'native' format.
