Hi,
I need to have an estimate of the log size generated by my firewall every day in order to purchase a suitable license for my FortiAnalyzer or a similar log solution. The firmware is 6.4.x.
I thought of clearing the logs, coming back tomorrow and finding the log size on the disk, but maybe there are better ways to find out than clearing valuable logs on my 200 series firewalls.
Regards,
I just want to disable syslogd forwarding of the accepted flows, if possible for all the rules, and my remote logger is not FortiAnalyzer.
in CLI:
conf log syslogd filter
and get the options by typing
'set ?'
IMHO setting up a FAZ-VM without license would be the most accurate way to see what is coming onto you. The dashboard of the FAZ clearly shows logs/sec, GB/day etc. etc.
Unlicensed VMs run for 14 days for free.
You can even acquire a FAZ license after/during the trial, register it, get the license file and import it into the trial VM - no re-configuration, fully operational.
Speaking of FAZ, I have a question about how licensing works. Let's say we have a 1GB/Day license. If the input log size exceeds 1GB in a day, what happens exactly? Does collecting logs stop completely? Are logs collected but only 1GB per day analyzed and available to make reports? Or any other method?
Regards,
Created on 04-25-2022 12:48 AM Edited on 04-25-2022 12:48 AM
If logging volume exceeds the licenced volume, FortiAnalyzer does not forcibly drop logs, stop processing them or not use them in reporting, but there can be performance issues which can eventually lead to loss of logs.
See https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-Minimizing-logging-from-FortiGate-to/...
"Although FortiAnalyzer VM will try its best not to drop logs, consistently running over capacity will eventually lead to undetermined behavior. This is because all FortiAnalyzer VM functions are validated within the licensed limit; the behavior beyond that limit is deemed to be unsupportable."
If you run into issues while exceeding licence, FortiAnalyzer support will not be able to investigate until you have resolved the licencing issue.