Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wallaceee
New Contributor II

Created on ‎01-20-2023 02:26 AM

How to download logs from Fortianalyzer but limited to specific fields

Hello,

 

I'm struggling with log download from Fortianalyzer, where I don't want to download full spectrum of fields available in the logs. I thought that adjusting the columns settings would do the thing, however downloaded file still contains all columns and not the only I specified. Does anyone have experience in this matter how to adjust download log settings? I need to make the logs dump as light as possible. 

Labels:
2397
5 REPLIES 5
gfleming
Staff
Staff

Created on ‎01-20-2023 01:42 PM

You can download as CSV and remove fields using Excel or other methods

 

https://docs.fortinet.com/document/fortianalyzer/7.2.1/administration-guide/382067/downloading-log-m...

Cheers,
Graham
2384
Araujoctr
New Contributor II
In response to gfleming

Created on ‎01-23-2023 05:19 AM

Boa pela link compartilhado.

2363
0 Kudos
wallaceee
New Contributor II

Created on ‎01-22-2023 10:30 PM

I'm looking for different method as file I'm downloading has more than 3mln of records and Excel's maximum row limit is 1,048,576.

2367
0 Kudos
Debbie_FTNT
Staff
Staff
In response to wallaceee

Created on ‎01-23-2023 05:10 AM

Hey wallaceee,

I didn't really find a method to specify what log fields should be included/excluded when manually downloading logs from FortiAnalyzer.

 

There are two options you could consider:

- downloading log files from Log View > Log Browse instead

-> those should contain all the entries you need (plus a lot extra) over multiple individual files; you could freely modify the files in a text-editor to get something more usable, and shouldn't run into particular size constraints as the individual files should only be up to a few hundred MB (depends a bit on your log settings)

 

- log forwarding to a syslog/CEF server

-> if you set up log forwarding on FortiAnalyzer to a syslog/CEF server (NOT another Analyzer) you have the option to set 'Enable Exclusions' and can specify fields there; those fields should then NOT be included in log messages forwarded to syslog/CEF

Debbie_FTNT_0-1674479235164.png

-> this wouldn't help much with an on-demand download scenario, but if you need to set up something more long-term with log messages and want to filter out fields, this would be the way to go

 

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
2364
gfleming
Staff
Staff
In response to wallaceee

Created on ‎01-23-2023 08:40 AM

Just filter for the logs you want to view and then download only those logs in CSV. You do not need to download the entire logfile. Review the link I posted to understsand how to filter logs and set a timeframe. 

 

Cheers,
Graham
2358
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.