Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Pham_Phu_Cuong
New Contributor

How to stop FortiAnalyzer from receiving

Hi guys,

 

I'm wondering if there is a way for me to stop my FAZ (VM) from receiving the logs from other Fortigates, that is without changing the IP address or routing on the FAZ.

 

Basically what I want to do is to stop FAZ and let the FGTs keep the logs for a while , to do the upgrading, then let it resume receiving logs.

 

Anyone have any ideas?

 

Thanks,

Pham Phu Cuong

2 REPLIES 2
Toshi_Esumi
Esteemed Contributor III

I looked through CLI but it doesn't seem to have any convenient command you're looking for. Only option seems to be a routing change, like removing the default after leaving a /32 route for your access to the unit.

abelio
Valued Contributor

Hi,

you didn't mention it in your post,  but, assuming your fortigates have disks, you could use 'store-and-upload' logging option.

Enabling that you also can fine tune upload interval using cli: #config log fortianalyzer setting     set store-and-upload enable     set upload interval {daily|weeky| monthly}

   ......

end

 

 

 

    

regards




/ Abel

regards / Abel
Top Kudoed Authors