vsharma
Staff
Article Id 372883
Description

This article provides instructions on how to use the lz4_reader-2.0 tool to convert log files saved on FortiOS in the LZ4 format into a readable format.

Scope

FortiGate, Linux, Windows

Solution

FortiGate log files are compressed with the LZ4 algorithm, but they are not stored in the same format as regular LZ4 files. They have their own structure and can only be decoded using this tool.

Prerequisites

  1. Download the lz4_reader-2.0.tar.gz file (attachment) and extract its contents.
  2. Ensure Java is installed on the system, as the tool requires it to run.

To decode a log file and save the readable output in the current directory, use the following command:

$ java -jar log_reader-2.0.jar tlog.xxx.root.xxx -o ./

This decodes the tlog.xxx.root.xxx file and saves the output in the directory where the command is executed.

To specify a different directory for saving the decoded logs, run the following command:

$ java -jar log_reader-2.0.jar tlog.xxx.root.xxx -o logs

This decodes the log file and saves the results in the 'logs' directory.

Note:

The tool has been temporarily removed due to a critical bug. The fixed version will be provided once it is ready.

Related article:

Technical Tip: How to export logs from disk to a FTP server