Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

Created on ‎03-12-2024 07:40 PM

Total logs for analytics in FortiAnalyzer

Friends, a question, I have a fortianalyzer VM. I have several Fortigate devices synchronized with the FAZ for reporting purposes.

Previously, Total records for analysis were displayed: 60 days. Little by little it has been reducing and now I see Total logs for analytics: 20 days.

Could you help me by indicating what this is due to?

Screenshot_1.jpg

"Daily Log Limit Exceeded" alerts are also displayed.

Will this be related to the reduction of Total logs for analytics: 20 day?
I have 9 fortigates teams synchronized with the FAZ.

Screenshot_2.jpg

 

Labels:
252
0 Kudos
1 Solution
ozkanaltas
Contributor III

Created on ‎03-12-2024 11:52 PM

 

Hello @unknown1020 ,

 

The answer to your first question is, this is about your storage area. You can set 60 days on configuration for Analytics but if your FortiAnalyzer doesn't have enough space on disk your analytics data keeps just up to your storage space. If you extend your log disk, FortiAnalyzer can keep analytics logs for more than 20 days. 

 

If you want to get information about how to extend log disk on FortiAnalyzer VM, you can review this document.

https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-Extending-disk-space-in-FortiAnalyzer-...

 

The answer to your second question is, that this is related to the daily quota for collecting logs. This is not related to the analytics log. This is about how much logs are processed daily. You can find more information about that in this link.

 

https://docs.fortinet.com/document/fortianalyzer-private-cloud/7.4.0/vmware-esxi-administration-guid...

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
219
0 Kudos
3 REPLIES 3
ozkanaltas
Contributor III

Created on ‎03-12-2024 11:52 PM

 

Hello @unknown1020 ,

 

The answer to your first question is, this is about your storage area. You can set 60 days on configuration for Analytics but if your FortiAnalyzer doesn't have enough space on disk your analytics data keeps just up to your storage space. If you extend your log disk, FortiAnalyzer can keep analytics logs for more than 20 days. 

 

If you want to get information about how to extend log disk on FortiAnalyzer VM, you can review this document.

https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-Extending-disk-space-in-FortiAnalyzer-...

 

The answer to your second question is, that this is related to the daily quota for collecting logs. This is not related to the analytics log. This is about how much logs are processed daily. You can find more information about that in this link.

 

https://docs.fortinet.com/document/fortianalyzer-private-cloud/7.4.0/vmware-esxi-administration-guid...

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
220
0 Kudos
unknown1020
New Contributor III
In response to ozkanaltas

Created on ‎03-14-2024 10:17 AM

thanks for the information.

180
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.