Description

This article describes a script for automatically compressing FSSO Collector Agent's debug logs for the purposes of extending the log coverage and decreasing the total log size on disk, and provides example guidelines for implementing it. This may be useful when troubleshooting situations where the issue is not immediately reproducible or happens unpredictably.

Scope

Assumptions and requirements:

• Any modern version of FSSO Collector Agent (5.x.x) running on a supported version of Windows Server.
• PowerShell version that supports the Compress-Archive cmdlet (e.g. PowerShell Desktop version 5 or newer).
• The maximum supported debug log file size is 2 GB. Bigger log files will fail to be archived (this is a limitation of the Compress-Archive cmdlet).

Solution

The core of this solution is a PowerShell script which performs the following actions:

• Checks if file collectoragent.log.bak exists. It exits with no further actions if not, and continues if so.
• Renames the file to include timestamps in the filename.
• Compresses the file into a zip file with the same name and deletes the original file to save disk space.
• (Optional) Moves the resulting file to a different folder.

The script must be placed into the FSSO Collector Agent install folder (default: C:\Program Files (x86)\Fortinet\FSAE\ ) and must be run by an account with read/write rights in the folder.

The script can be executed manually at any time, or integrated into an automation process that can run it with a sufficient frequency. An automation guide using the built-in Windows Task Scheduler follows below.

Task Scheduler Configuration Step by Step:

1. Open the Task Scheduler.
2. Select 'Create Task' in the 'Actions' panel on the right-hand side.
3. Configure the general settings:
   • Name: As desired.
   • In the Security options section, select a user account with read/write rights in the FSSO Collector install folder.
   • Select 'Run whether user is logged on or not'.
4. Configure the task trigger:
   • Begin: On a schedule.
   • Setting: One time; select current date's past midnight (a past date will ensure immediate start of the task once created).
   • Enable and set 'Repeat task every 5 minutes for a duration of indefinitely'.
5. Configure the action:
   • Action: Start a program.
   • Program/script: powershell.exe
   • Arguments: -File .\FSSOCA_log_archiver.ps1
   • Start in: Type in the FSSO Collector install folder. By default: C:\Program Files (x86)\Fortinet\FSAE\
6. Configure the Settings tab:
   • Enable 'Run task as soon as possible after a scheduled start is missed'.
7. Select OK to save and create the task.

The script will now trigger at five-minute intervals, with the next scheduled time shown in the 'Next Run Time' column of the main Task Scheduler panel.

Screenshots with the important options highlighted:

Task Scheduler - General

Task Scheduler - Triggers

Task Scheduler - Actions

Task Scheduler - Settings