FortiSIEM Discussions
adem_netsys
Contributor

Enterprise to Service Provider

Hi,

We have a SIEM that we currently use as Enterprise. If we archive all the logs here on NFS and want to reinstall the product as a service provider, will we have a chance to see the old logs we archived? Does anyone have any idea?

2 REPLIES 2
premchanderr
Staff
Staff

Hi @adem_netsys ,

 

Please note that backup the current data and restore it once you had provisioned the new FortiSIEM on Service Provider is not an option since directories and databases change from one type to another by design. There is no official document and support for this. 

Archive should be fresh disk, cannot Test and save a disk with data.  At your own risk you can test by copying old data to online storage and then move to archive manually.  

Regards,
Prem Chander R
Secusaurus
Contributor II

Hello @adem_netsys,

 

In my experience, every time I do major changes to the database setup (ip address, storage system, moving databases, etc.), the system has some issues in the rules and incidents.

Therefore, I would highly recommend not to transfer the data - and, btw, consider moving to ClickHouse in this step as well.

 

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
FCP & FCSS Security Operations | Fortinet Advanced Partner
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"