Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lazie
New Contributor

Read logs backup from Fortianalyzer

I have used the command " execute backup logs ..." to backup logs of a device to a ftp server. But I can not read the log files in text format because these files are different format. May anyone help me how to read these log files?
4 REPLIES 4
AtiT
Valued Contributor

Hi, When I did a backup of the logs using the " execute backup log" command the logs were saved in compressed format ( If I remember *.gz). You can uncompress it and there is a simple text file which you can open f.e. in notepad etc. At least it worked for me in this way.

AtiT

AtiT
lazie
New Contributor

Hi, Thank u, AtiT. I opened these file by notepad and wordpad but still couldn' t read because there were many strange symbols. I guessed these files were written in Fortigate format not simple text format. That ' s why we need another way to read them.
AndreaSoliva
Contributor III

Hi it is as it is which means. If you export a log file from a FortiGate device it looks like following: tlog.FGT60C3G12013754.root.20120927000000.gz This is a compressed format " gz" . This can be uncompressed with zip or whatever packer. At least you have a txt file which is a raw format from FortiGate. What has to be understood is that the file stored on a FortiGate are not raw files. This means every log goes to a PostgresSQL DB. No raw logs stored on FortiGate. What you see in the txt file is a raw export from the DB. There is no possiblity to bring the file back to FortiGate device. You have two choice to read the log files in a good way or as normal: --> Use a Free Tool like http://www.splunk.com (not the way I would like to go) --> Use FortiAnalyzer (The way I would go even I do not have a license). The FortiAnalyzer (FAZ) can be downloaded and installed without any license (runs with a 1 GB Log per Day and Storage) restrictions 14 days. Can be installed on a Laptop with VMware Workstation 9.x or higher! Is setup in minutes for this case and the logs of FortiGate can be imported over the register " Log View > Log Browse > Import" . I hope this verifies the case Have fun Andrea
lazie
New Contributor

thank andrea, the second way may seem to be the best because it doesn' t cost much. have a good day.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors