Fortinet Forum

Log database SQL queries from CLI


The only reference I managed to find on FAZ CLI commands usable for placing SQL queries was the outdated Version 4.0 MR2 -- SQL Log Database Query Technical Note. The database schema is no longer visible with "get report database schema" in 5.2.x, my production version. "SELECT * FROM pg_tables" works, but I couldn't find a way to use the tables listed, nor the tables listed in "table_ref".

I need a way to access the log database because the internal SQL ADOM filter prevents any queries that encompass several ADOMs. I would very much like to avoid building my own external SQL log database, with or without an intermediary application using FAZ API, because a lot of information regarding the way raw logs are linked and indexed in the FAZ is proprietary, and I think I could never succeed in building a fully usable log database.

Is there a solution to use the FAZ logs device-wise or network-wise and not merely ADOM-wise? Are Fortinet cooking their own SIEM, or shall they forever leave this market to the likes of HP and IBM?


Cristian P