Oftentimes I find that I have to replace a device due to a hardware upgrade or device failure. How are you guys dealing with that in your FortiAnalyzer? I want to be able to continue to build reports off of the same device as if the change in hardware was transparent. I tried changing the serial number on the FAZ, but then all my old logs disappeared.
The best solution I have come up with is creating a log array and joining my old and new logs via that. Does anyone have a better method?
It should work with the following command: # exec device replace sn <current-dev-name> <new-dev-name>
Robi wrote: It should work with the following command: # exec device replace sn <current-dev-name> <new-dev-name>
Hi Robi, thanks for the reply. I have used your method with limited success. My issue is that once I execute the replace sn command I lose all of my previous logs for the device. The only way I have determined to circumvent this issue is by creating a log array that includes both the old and new device. This starts to get old when you have to replace or RMA a device more than once! If only there were a way to edit the old log files so that they show up under the device with the new serial number.
Hello.
We are using FAZ-VM64 with ADOMs, where an ADOM is for one customer. In case of device failure I just add the new device into the same ADOM where the old one is. Under Report Configuration -> Devices I set All devices, or Specify and I choose both of them - the old and the new one.
When the FAZ starts to generate new reports from the new logs only, you can delete the old one.
This is the way I use it.
Another way I tested is that you back up the logs from the CLI to an FTP server. In Total Commander you can rename the files with the Multi Rename tool, where you change the serial number to the new one. Then you add your new device to the FAZ, and when the logging is active you import the logs back under the new device.
- I used this method when I was upgrading some FortiGates from 4.3.x version to 5.0.x
But... any time you are working with logs, take the time to back up the log files if they are important to you.
AtiT
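The rename step from the post above (changing the serial number in the names of backed-up log files), as an added example that is not part of the original thread and is not Fortinet tooling. It assumes the serial number appears in the backup file names, as the post describes. The serial numbers and file names are constructed, and the script changes file names only, working on a copy and recording a SHA-256 for each file so the originals stay intact and the renamed copies can be checked against them.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    """Hash a file in chunks so large log archives do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def copy_renamed(src: Path, dst: Path, old_sn: str, new_sn: str):
    """Copy every file whose name contains old_sn into dst under a name with
    new_sn instead. src is never modified. Returns a manifest of
    (old name, new name, sha256) tuples, one per verified copy."""
    dst.mkdir(parents=True, exist_ok=True)
    manifest = []
    for path in sorted(src.iterdir()):
        if not path.is_file() or old_sn not in path.name:
            continue  # leave unrelated files alone
        target = dst / path.name.replace(old_sn, new_sn)
        if target.exists():
            raise FileExistsError(f"refusing to overwrite {target}")
        digest = sha256(path)
        shutil.copy2(path, target)  # copy2 keeps the original timestamps
        if sha256(target) != digest:
            raise OSError(f"copy of {path.name} does not match the original")
        manifest.append((path.name, target.name, digest))
    return manifest


def demo():
    # Constructed serial numbers and file names; real backup names may differ.
    work = Path(tempfile.mkdtemp())
    src = work / "backup"
    src.mkdir()
    (src / "FGT-OLD-0001.tlog.log").write_bytes(b"constructed traffic log\n")
    (src / "FGT-OLD-0001.elog.log").write_bytes(b"constructed event log\n")
    (src / "notes.txt").write_bytes(b"not a device log\n")
    return copy_renamed(src, work / "renamed", "FGT-OLD-0001", "FGT-NEW-0002")


if __name__ == "__main__":
    for old, new, digest in demo():
        print(f"{old} -> {new}  sha256={digest}")
```

Keeping the manifest next to the untouched backup gives a record of which original file each renamed copy came from.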