Can I import raw log from FortiGate to FortiAnalyzer
I have had a FortiGate that is not connected to FortiAnalyzer. The FortiGate had local storage and the local report had many limitations. I want to generate a security report of the IPS log. Can I export raw IPS log from FortiGate and import it to FortiAnalyzer and generate a report from this log?
On the FGT there are the "exec log backup" and "exec log raw-backup" commands in CLI. You can transfer those files via ftp or tftp.
On the FAZ, you will first have to create the device (the FGT), then you go to "Log View", "Log Browse", "Import". There is a detailed description in the FortiAnalyzer Admin Guide/Log View/Log Browse section.
You will have to be aware of the retainment period on the FAZ, and probably have to start the SQL insertion process manually. Again, Admin Guide.
Thank you for the step. The CLI "exec log backup" and "exec log raw-backup" can export only all logs, right? Can I specify only the IPS log? My firewall had the log size in the local storage of about 60-70GB. I think it will take a long time to transfer.