I have been using FortiAnalyzer for a long time now on different versions of firmware. Currently it is collecting logs from more than 70 FortiGate devices.
I don't understand the point of the new versions of FortiAnalyzer.
First of all, it is exactly the same as FortiManager without Device and Policy management. So the question is why I would even consider investing in FortiAnalyzer when everything works on FortiManager. Even in the address bar the links are 'https://XXX.XXX.XXX.XXX/fortimanager.htm?action=login'.
Secondly, features like sending an email when a defined filter has a match in some device log are omitted. It is the key feature of log management!!! To be alerted when, for example, some IPsec tunnel goes down. I know that it can be done on the device, but first, it isn't even remotely as granular as on FortiAnalyzer 4.3, and second, where is the centralized management in that!?
All in all, this is a big step back, as some critical features were removed and all that is left is a part of FortiManager (which I also have).
The only good thing is that in two days of production work I didn't notice any serious bugs. (There are a lot of minor issues, but they can be ignored.)
It seems like Fortinet is going to put End of Life on the FortiAnalyzer series of products, because for customers there isn't any reason to invest in FortiAnalyzer if you have or had invested in FortiManager, and if you don't need FortiManager then probably FortiCloud is good enough. For my company FortiCloud is not an option due to regulations and laws.