sreddi
Staff
Article Id 190591

 

Description

This article describes how to configure FortiGate to send logs to multiple FortiAnalyzers and how to verify the connectivity between them.

Scope

FortiAnalyzer/FortiGate.

Solution

1) It is possible to have FortiGate send logs to 3 different FortiAnalyzers.

 

2) Only the first FortiAnalyzer can be added via the GUI under Security Fabric -> Fabric Connector -> FortiAnalyzer Logging.

 


 

3) The IP addresses and serial numbers of the other 2 FortiAnalyzers can only be added using the CLI:

 

# config log fortianalyzer2 setting
    set status enable
    set server x.x.x.x
    set serial FAZ-VMYYYYYYY
    set upload-option <realtime/1-minute/5-minute>
end

# config log fortianalyzer3 setting
    set status enable
    set server x.x.x.x
    set serial FAZ-VMYYYYYYY
    set upload-option <realtime/1-minute/5-minute>
end

 

4) Log in to each FortiAnalyzer and authorize the FortiGate. 

 


 

5) Run the following commands to test the connectivity and verify if logs are sent to all 3 FortiAnalyzers. Verify also the FortiAnalyzer Host Name and Serial Number.

 

# execute log fortianalyzer test-connectivity    <----- Test 1st FortiAnalyzer.
# execute log fortianalyzer test-connectivity 2  <----- Test 2nd FortiAnalyzer.
# execute log fortianalyzer test-connectivity 3  <----- Test 3rd FortiAnalyzer.

 

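As an added example (not part of the original article and not Fortinet code), the following Python check reads a FortiGate configuration backup and reports which of the three FortiAnalyzer log settings from steps 2 and 3 are missing, disabled, or lacking a server or serial. The function names are hypothetical, and the sample backup with its documentation-range IPs and placeholder serial is constructed for illustration.

```python
import re

# The first FortiAnalyzer section plus the CLI-only 2nd and 3rd from the article.
SECTIONS = ("fortianalyzer", "fortianalyzer2", "fortianalyzer3")

def parse_faz_settings(config_text):
    """Return {section: {option: value}} for each 'config log <section> setting' block."""
    found, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        head = re.fullmatch(r"config log (fortianalyzer[23]?) setting", line)
        opt = re.fullmatch(r"set (\S+)\s+(.+)", line)
        if head:
            current = found.setdefault(head.group(1), {})
        elif line == "end":
            current = None          # leave the block; later 'set' lines are ignored
        elif opt and current is not None:
            current[opt.group(1)] = opt.group(2).strip('"')
    return found

def audit_faz(config_text):
    """Return {section: [problems]}; an empty list means the destination looks complete."""
    settings, report = parse_faz_settings(config_text), {}
    for name in SECTIONS:
        opts = settings.get(name)
        if opts is None:
            report[name] = ["section missing"]
            continue
        problems = [] if opts.get("status") == "enable" else ["status is not enable"]
        problems += [k + " not set" for k in ("server", "serial") if not opts.get(k)]
        report[name] = problems
    return report

# Constructed sample backup: documentation-range IPs and a placeholder serial.
SAMPLE = """
config log fortianalyzer setting
    set status enable
    set server "192.0.2.10"
    set serial "FAZ-VMPLACEHOLDER1"
end
config log fortianalyzer2 setting
    set status enable
    set server "192.0.2.11"
    set upload-option realtime
end
"""

if __name__ == "__main__":
    for section, problems in audit_faz(SAMPLE).items():
        print(section, "OK" if not problems else "; ".join(problems))
```

A clean report only confirms the configuration is present; the test-connectivity commands in step 5 are still needed to confirm that each FortiAnalyzer has authorized the device and is reachable.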