Can I Import raw log from fortiGate to FortiAnalyzer

Sathapon_SS · ‎12-13-2022

Hi,

I have had a FortiGate that is not connected to FortiAnalyzer. The FortiGate had local storage and the local report had many limitations. I want to generate a security report of the IPS log. Can I export raw IPS log from FortiGate and Import it to FortiAnalyzer and generate a report from this log?

Thank you.

ede_pfau · ‎12-13-2022

On the FGT there are the "exec log backup" and "exec log raw-backup" commands in CLI. You can transfer those files via ftp or tftp.

On the FAZ, you will first have to create the device (the FGT), then you go to "Log View", "Log Browse", "Import". There is a detailed description in the FortiAnalyzer Admin Guide/Log View/Log Browse section.

You will have to be aware of the retainment period on the FAZ, and probably have to start the SQL insertion process manually. Again, Admin Guide.

Ede Kernel panic: Aiee, killing interrupt handler!

Sathapon_SS · ‎12-13-2022

Hi @ede_pfau ,

Thank you for the step. The CLI "exec log backup" and "exec log raw-backup" can export only all logs right? Can I specify only the IPS log? My firewall had the log size in the local storage of about 60-70GB. I think It will take a long time to transfer.

Thank you.

Can I Import raw log from fortiGate to FortiAnalyzer

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website