Help
FortiSIEM Discussions
adem_netsys
Contributor

Created on ‎09-29-2024 12:17 PM

Enterprise to Service Provider

Hi,

We have a SIEM that we currently use as Enterprise. If we archive all the logs here on NFS and want to reinstall the product as a service provider, will we have a chance to see the old logs we archived? Does anyone have any idea?

240
0 Kudos
2 REPLIES 2
premchanderr
Staff
Staff

Created on ‎09-29-2024 09:55 PM

Hi @adem_netsys ,

 

Please note that backup the current data and restore it once you had provisioned the new FortiSIEM on Service Provider is not an option since directories and databases change from one type to another by design. There is no official document and support for this. 

Archive should be fresh disk, cannot Test and save a disk with data.  At your own risk you can test by copying old data to online storage and then move to archive manually.  

Regards,
Prem Chander R
218
0 Kudos
Secusaurus
Contributor II

Created on ‎09-29-2024 11:14 PM

Hello @adem_netsys,

 

In my experience, every time I do major changes to the database setup (ip address, storage system, moving databases, etc.), the system has some issues in the rules and incidents.

Therefore, I would highly recommend not to transfer the data - and, btw, consider moving to ClickHouse in this step as well.

 

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
FCP & FCSS Security Operations | Fortinet Advanced Partner
207
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.