wallaceee
New Contributor II

How to download logs from FortiAnalyzer but limited to specific fields

Hello,

 

I'm struggling with log download from FortiAnalyzer, where I don't want to download the full spectrum of fields available in the logs. I thought that adjusting the column settings would do the thing; however, the downloaded file still contains all columns and not only the ones I specified. Does anyone have experience with how to adjust the log download settings? I need to make the log dump as light as possible.

5 REPLIES
gfleming
Staff

You can download as CSV and remove fields using Excel or other methods

 

https://docs.fortinet.com/document/fortianalyzer/7.2.1/administration-guide/382067/downloading-log-m...

Cheers,
Graham
Araujoctr
New Contributor II

Thanks for sharing the link.

wallaceee
New Contributor II

I'm looking for a different method, as the file I'm downloading has more than 3 million records and Excel's maximum row limit is 1,048,576.

Debbie_FTNT

Hey wallaceee,

I didn't really find a method to specify what log fields should be included/excluded when manually downloading logs from FortiAnalyzer.

 

There are two options you could consider:

- downloading log files from Log View > Log Browse instead

-> those should contain all the entries you need (plus a lot extra) over multiple individual files; you could freely modify the files in a text-editor to get something more usable, and shouldn't run into particular size constraints as the individual files should only be up to a few hundred MB (depends a bit on your log settings)

 

- log forwarding to a syslog/CEF server

-> if you set up log forwarding on FortiAnalyzer to a syslog/CEF server (NOT another Analyzer) you have the option to set 'Enable Exclusions' and can specify fields there; those fields should then NOT be included in log messages forwarded to syslog/CEF


-> this wouldn't help much with an on-demand download scenario, but if you need to set up something more long-term with log messages and want to filter out fields, this would be the way to go

 

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
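
For the Log Browse option described above, here is an added example (not part of the original posts and not Fortinet tooling) of a streaming filter that keeps only chosen fields and is not bound by a spreadsheet row limit. It assumes the downloaded files hold one log entry per line as `key=value` pairs with optionally quoted values; the function names, field list and sample lines are constructed for illustration.

```python
import csv
import io
import re

# Matches key=value or key="quoted value"; quoted values may contain spaces.
PAIR = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_line(line):
    """Return a dict of the key=value pairs found on one raw log line."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR.finditer(line)}

def slim_logs(src, dst, keep):
    """Stream log lines from src and write only the `keep` fields to dst as CSV.

    Processes one line at a time, so memory use stays flat regardless of
    how many records the file holds. Returns the number of rows written.
    """
    writer = csv.DictWriter(dst, fieldnames=keep)
    writer.writeheader()
    rows = 0
    for line in src:
        fields = parse_line(line)
        if not fields:  # skip blank or non-log lines
            continue
        # Missing fields become empty cells so every row has the same shape.
        writer.writerow({k: fields.get(k, "") for k in keep})
        rows += 1
    return rows

# Constructed sample lines (assumed format, not taken from a real device).
SAMPLE = '''date=2023-01-23 time=10:15:01 devname="FGT-LAB" type="traffic" srcip=192.0.2.10 dstip=198.51.100.7 action="accept" msg="session closed, normal"
date=2023-01-23 time=10:15:02 devname="FGT-LAB" type="traffic" srcip=192.0.2.11 dstip=198.51.100.9 action="deny"
'''

def demo():
    """Run the filter over SAMPLE and return (row_count, csv_text)."""
    out = io.StringIO()
    keep = ["date", "time", "srcip", "dstip", "action"]
    n = slim_logs(io.StringIO(SAMPLE), out, keep)
    return n, out.getvalue()

if __name__ == "__main__":
    # For real files, pass open(path) and open(out_path, "w", newline="").
    print(demo()[1])
```
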
gfleming

Just filter for the logs you want to view and then download only those logs in CSV. You do not need to download the entire logfile. Review the link I posted to understand how to filter logs and set a timeframe.

 

Cheers,
Graham