Sathapon_SS
New Contributor II

Can I import raw logs from FortiGate to FortiAnalyzer

Hi,

I have had a FortiGate that is not connected to FortiAnalyzer. The FortiGate had local storage and the local report had many limitations. I want to generate a security report of the IPS log. Can I export the raw IPS log from the FortiGate, import it to FortiAnalyzer and generate a report from this log?

Thank you.

ede_pfau
SuperUser

On the FGT there are the "exec log backup" and "exec log raw-backup" commands in the CLI. You can transfer those files via FTP or TFTP.

On the FAZ, you will first have to create the device (the FGT), then you go to "Log View", "Log Browse", "Import". There is a detailed description in the FortiAnalyzer Admin Guide/Log View/Log Browse section.

You will have to be aware of the retainment period on the FAZ, and will probably have to start the SQL insertion process manually. Again, Admin Guide.

Ede Kernel panic: Aiee, killing interrupt handler!
Sathapon_SS

Hi @ede_pfau,

Thank you for the steps. The CLI "exec log backup" and "exec log raw-backup" commands can only export all logs, right? Can I specify only the IPS log? My firewall had a log size in local storage of about 60-70 GB. I think it will take a long time to transfer.

Thank you.