FortiView>Sources can only go back 24hrs?

finsfree · ‎06-10-2021

When viewing the "Source" tab under "Fortiview" I can only go as far back as 24hrs. I can see the options for "7 days" is grayed out.

How can I see logs more then 24hrs old?

Thanks,

jiyong · ‎08-07-2024

Hi finsfree,

Are you use Fortigate low-end model?

Desktop models (for example: under 100D) with SSD only supports five minutes and one hour view.
Medium models (for example: 200D, 500D) with SSD supports up to 24 hours view.
Large models (for example: 1500D and above) with SSD supports up to seven days view.

sw2090 · ‎08-07-2024

exactly. The reason for this is that logs are stored in memory only since those do not have a harddisk to store logs on. This in addition means that you will loose all stored logs if the FGT looses power or is rebooted or shut down! The only way to enable oneself to get older logs is to send logs to external service like sylog server or a FortiAnalyzer. A syslogd or FAZ will permanently store logs sent to it and you will not loose them on shutdown or reboot of the FGT.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

FortiView>Sources can only go back 24hrs?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website