Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sebastan_bach
New Contributor

how to download logs from Fortigate in CSV format

Hi, 

 

I am using Fortigate appliance and using the local GUI for managing the firewall. In the logs I can see the option to download the logs. But the download is a .log file format. How can I download the logs in CSV / excel format. Is there a way to do that. I am not using forti-analyzer or manager. 

 

Or is there a tool to convert the .log file to csv format. I am using forti-OS 5.6.2

 

appreciate any help.

 

Sebastan

6 REPLIES 6
mahesh_secure
Contributor

Hi Sebastan

 

i try with fileviewer plus. its support .log file. once open it copy and past to excel and use data-->text to colums feature in excel to convert.

 

hope helps you

 

Regards

Mahesh

tmelton

That works great with CSV format, but these file are not in that format.

this format does not turn into a please set of columns.

 

 

date=2019-05-07 time=08:17:29 logid="0102043040" type="event" subtype="user" level="notice"

Tim Melton

Cimtel

System Administrator/DBA

Tim Melton Cimtel System Administrator/DBA
theArties
New Contributor III

Hi there, 

 

I know the last post has been a while back, but wondering if there's a latest answer to the question? 

Having similar issue importing the log into excel. Or is it meant to be this way? 

 

Thanks.

emnoc
Esteemed Contributor III

I want to say you can export the logs form fortianalyzer and achieve this.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
aleg
New Contributor

But, how?  If you are viewing Forward Traffic, apply some filters, then click the Download button to get only the data you want, you can't get a CSV.  It only gives you *.log file with the text saved as above.

 

Is there some other method?

 

Or, a pattern for importing into Excel to convert to columns with headers?

emnoc
Esteemed Contributor III

Just download the file from the webUI it will be in tab seperated

 

e.g adownload tlog;

 

date=2020-07-15 time=20:59:40 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1594871980266791507 tz="-0700" srcip=10.1.1.140 srcport=47269 srcintf="lan" srcintfrole="lan" dstip=112.124.0.188 dstport=15000 dstintf="wan1" dstintfrole="wan" srccountry="Reserved" dstcountry="China" sessionid=2038461 proto=6 action="deny" policyid=0 policytype="policy" service="tcp/15000" trandisp="noop" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=30 craction=131072 crlevel="high"

 

Another option is to use the cli and display the log and set filters and capture it to a file

 

 execute log filter category   0

 execute log filter field dstcountry china  

 execute log display

 

http://socpuppet.blogspot.com/2016/08/using-execute-log-filters-to-monitor.html

 

If you need CSV, just remove the tab and replace tab with commas

 

unix-sed

 

 sed 's/ /,/g' tlog.tab > tlog.csv

 

You have hundred of options on what you can do. You just have to be creative.Also don't forget if you do not havr a remote-log like fortianalyzer you can export logs to a syslog and facility and then do any manipulation on the syslog host

 

 oh to export logs via syslog in csv change the settings

 

config log syslogd setting set status enable set mode reliable set port 6514 set format csv set enc-algorithm high set ssl-min-proto-version TLSv1-1 set certificate "fgt1-new1" end

 

 

Ken Felix

 

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors