Hi,
I am using a FortiGate appliance and the local GUI for managing the firewall. In the logs I can see the option to download the logs, but the download is in .log file format. How can I download the logs in CSV / Excel format? Is there a way to do that? I am not using FortiAnalyzer or FortiManager.
Or is there a tool to convert the .log file to CSV format? I am using FortiOS 5.6.2.
Appreciate any help.
Sebastan
Hi Sebastan
I tried with File Viewer Plus. It supports .log files. Once the file is open, copy and paste it into Excel and use the Data --> Text to Columns feature in Excel to convert.
Hope this helps you.
Regards
Mahesh
That works great with CSV format, but these files are not in that format.
This format does not turn into a pleasing set of columns.
date=2019-05-07 time=08:17:29 logid="0102043040" type="event" subtype="user" level="notice"
Tim Melton
Cimtel
System Administrator/DBA
Hi there,
I know the last post was a while back, but I am wondering if there's a newer answer to the question?
Having a similar issue importing the log into Excel. Or is it meant to be this way?
Thanks.
I want to say you can export the logs from FortiAnalyzer and achieve this.
Ken Felix
PCNSE
NSE
StrongSwan
But, how? If you are viewing Forward Traffic, apply some filters, then click the Download button to get only the data you want, you can't get a CSV. It only gives you *.log file with the text saved as above.
Is there some other method?
Or, a pattern for importing into Excel to convert to columns with headers?
Just download the file from the web UI; it will be tab separated,
e.g. a downloaded tlog:
date=2020-07-15 time=20:59:40 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1594871980266791507 tz="-0700" srcip=10.1.1.140 srcport=47269 srcintf="lan" srcintfrole="lan" dstip=112.124.0.188 dstport=15000 dstintf="wan1" dstintfrole="wan" srccountry="Reserved" dstcountry="China" sessionid=2038461 proto=6 action="deny" policyid=0 policytype="policy" service="tcp/15000" trandisp="noop" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=30 craction=131072 crlevel="high"
Another option is to use the cli and display the log and set filters and capture it to a file
execute log filter category 0
execute log filter field dstcountry china
execute log display
http://socpuppet.blogspot.com/2016/08/using-execute-log-filters-to-monitor.html
If you need CSV, just remove the tab and replace tab with commas
unix-sed
sed 's/ /,/g' tlog.tab > tlog.csv
You have hundreds of options on what you can do. You just have to be creative. Also, don't forget that if you do not have a remote log like FortiAnalyzer, you can export logs to a syslog server and facility and then do any manipulation on the syslog host.
Oh, to export logs via syslog in CSV, change the settings:
config log syslogd setting
    set status enable
    set mode reliable
    set port 6514
    set format csv
    set enc-algorithm high
    set ssl-min-proto-version TLSv1-1
    set certificate "fgt1-new1"
end
Ken Felix
PCNSE
NSE
StrongSwan