Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rcpdkc
Contributor II

Created on ‎05-31-2024 12:47 AM

FortiAnalyzer Log Settings

How exactly do we look at the historical logs in FortiAnalyzer? Although 720 days of logs are selected, it shows a maximum of 400 days, what could be the reason for this?

Labels:
561
0 Kudos
6 REPLIES 6
Sheikh
Staff
Staff

Created on ‎05-31-2024 01:24 AM

Hello @rcpdkc 

 

How are the retention values defined in Fortianalyzer ? This article might help.

 

https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-How-to-set-log-retention-values-in-Fo...

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
549
rcpdkc
Contributor II

Created on ‎05-31-2024 04:46 AM

When I look at the picture below, it will remain in the device memory for 720 days and when it comes to the top, it will archive, is this information correct?

 

an1.PNG

505
0 Kudos
jasonhong
Staff
Staff
In response to rcpdkc

Created on ‎06-11-2024 05:38 PM

In FortiAnalyzer (FAZ), below are the two key log types.

  • Archive logs: When a real-time log file in Archive has been completely inserted, that file is compressed and considered to be offline.
  • Analytics logs or historical logs: Indexed in the SQL database and online.

 

When viewing the Storage Info based on your screenshot, the 720 days is the number of days worth of Archive logs that you have configured in the ADOM Data Policy. This means that you have configured FAZ to keep 720 days worth of archive logs, assuming there is sufficient disk storage in the ADOM.

To better understand Archive & Analytics logs, you may refer to below doc link.

https://docs.fortinet.com/document/fortianalyzer/7.2.5/administration-guide/761825/analytics-and-arc...

  •  
366
0 Kudos
rcpdkc
Contributor II

Created on ‎05-31-2024 04:48 AM

Also, when I look at this picture, no files will be deleted because there are no adjustments. Is that correct?an2.PNG

504
0 Kudos
jasonhong
Staff
Staff
In response to rcpdkc

Created on ‎06-11-2024 05:40 PM

Yes, you have not configured for automatic log deletion. Hence, FAZ will not proceed to delete logs automatically.

 

However, log deletion will still happen based on the automatic deletion policies as defined in below doc link.

https://docs.fortinet.com/document/fortianalyzer/7.2.5/administration-guide/87802/automatic-deletion

364
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.