How to download logs from FortiAnalyzer but limited to specific fields
I'm struggling with log download from FortiAnalyzer, where I don't want to download the full spectrum of fields available in the logs. I thought that adjusting the column settings would do the trick; however, the downloaded file still contains all columns and not only the ones I specified. Does anyone have experience in this matter, i.e. how to adjust the download log settings? I need to make the logs dump as light as possible.
-> those should contain all the entries you need (plus a lot extra) across multiple individual files; you could freely modify the files in a text editor to get something more usable, and shouldn't run into particular size constraints, as the individual files should only be up to a few hundred MB (depends a bit on your log settings)
- log forwarding to a syslog/CEF server
-> if you set up log forwarding on FortiAnalyzer to a syslog/CEF server (NOT another Analyzer), you have the option to set 'Enable Exclusions' and can specify fields there; those fields should then NOT be included in log messages forwarded to syslog/CEF
-> this wouldn't help much with an on-demand download scenario, but if you need to set up something more long-term with log messages and want to filter out fields, this would be the way to go
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Just filter for the logs you want to view and then download only those logs in CSV. You do not need to download the entire logfile. Review the link I posted to understand how to filter logs and set a timeframe.
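The first reply suggests trimming the downloaded files by hand in a text editor; the following is an added example (not from this thread, not Fortinet code) of doing the same with a script. It assumes the exported lines are in the key=value format FortiGate logs use, keeps only a whitelist of fields, and reports how much smaller the result is; the sample lines are constructed, not real device output.

```python
import re

# One key=value token: the value is either double-quoted (may contain spaces
# and escaped quotes, as in msg="...") or runs to the next whitespace.
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_kv_line(line: str) -> dict:
    """Turn one key=value log line into a dict of field -> raw (still quoted) value."""
    return {k: v for k, v in _KV.findall(line)}

def slim_line(line: str, keep: list) -> str:
    """Reduce a line to the fields in `keep`, in that order, preserving quoting.

    Fields absent from a given line are skipped, so traffic and event logs
    with different field sets can be run through the same whitelist."""
    fields = parse_kv_line(line)
    return " ".join(f"{k}={fields[k]}" for k in keep if k in fields)

def slim_log(lines, keep: list) -> list:
    """Apply slim_line to every non-empty line; blank lines are dropped."""
    return [slim_line(l, keep) for l in lines if l.strip()]

def size_reduction(lines, keep: list) -> float:
    """Fraction of bytes removed by keeping only the whitelisted fields (0.0 to 1.0)."""
    before = sum(len(l) for l in lines)
    after = sum(len(l) for l in slim_log(lines, keep))
    return 1 - after / before if before else 0.0

# Constructed sample lines shaped like FortiGate traffic/event logs (not real data).
SAMPLE_LOG = [
    'date=2024-05-01 time=10:00:01 devname="fw1" logid="0000000013" type="traffic" '
    'subtype="forward" srcip=10.0.0.5 dstip=203.0.113.7 dstport=443 action="accept" '
    'msg="Traffic allowed"',
    'date=2024-05-01 time=10:00:02 devname="fw1" logid="0100032002" type="event" '
    'subtype="system" user="admin" action="login" status="failed" '
    'msg="Administrator admin login failed from ssh(10.0.0.9)"',
]

# The fields the trimmed dump should keep; adjust to what you actually need.
KEEP = ["date", "time", "srcip", "dstip", "action", "msg"]

if __name__ == "__main__":
    for out in slim_log(SAMPLE_LOG, KEEP):
        print(out)
    print(f"size reduced by {size_reduction(SAMPLE_LOG, KEEP):.0%}")
```

For a real export, read the file line by line into `slim_log` and write the result out; the whitelist is the only thing to edit.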