To meet our compliance requirements, our organization sends all FortiGate logs to a syslog server. However, approximately 90% of these logs have limited usefulness for security monitoring purposes. If we were to remove these logs from FortiGate/FortiAnalyzer, we would free up significant storage space for the valuable logs, resulting in improved traceability over time.
We are wondering if it is possible to implement distinct policies for log storage. Specifically, we would like to delete certain logs shortly after they have been forwarded to the syslog server.
Yes, it is possible to automate the removal of certain logs on Fortinet using scripts or automation tools. Fortinet provides APIs and CLI commands that can be used to automate various tasks, including log management.
For example, you can use the Fortinet FortiManager or FortiAnalyzer tools to automate log retention policies and purging of logs. You can also use scripting languages such as Python, PowerShell, or Bash to create custom scripts that can automate log removal based on specific criteria such as age, size, or severity.
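The following is an added illustration, not part of the answer above or a Fortinet-supplied configuration. It shows the FortiGate CLI idiom that addresses the question directly: log filters are configured per destination, so the noisy log types can be kept out of local disk storage (or aged out quickly) while the syslog destination still receives everything. The syslog server address, severity thresholds and 7-day retention value are assumptions chosen for the example; adjust them to your own policy, and check the filter options available in your FortiOS release before applying.

```text
# Local disk: keep only warning-and-above, drop traffic logs, age out after 7 days
# (values below are example choices, not recommendations from the original answer)
config log disk setting
    set status enable
    set maximum-log-age 7
end
config log disk filter
    set severity warning
    set forward-traffic disable
    set local-traffic disable
end

# Syslog destination: keep the full feed for compliance
# (10.0.0.5 is a placeholder for your syslog collector)
config log syslogd setting
    set status enable
    set server "10.0.0.5"
end
config log syslogd filter
    set severity information
    set forward-traffic enable
    set local-traffic enable
end
```

Because the disk filter and the syslogd filter are independent, this achieves the "forwarded everywhere, stored selectively" outcome without a post-forwarding deletion script, and without the risk that a script purges a log before the syslog delivery has actually succeeded. If logs are also sent to FortiAnalyzer, its retention is governed separately by the per-ADOM analytics and archive retention settings rather than by these FortiGate commands.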