Created on 03-11-2015 05:11 AM
Edited on 09-21-2023 12:11 AM
By Anthony_E
Description
Scope
Periodic backup allows recovery in the event of a unit failure, unit replacement or maintenance such as disk formatting, RAID rebuilding, or resetting configuration to the factory default.
In a planned (non-emergency) replacement or upgrade of a FortiAnalyzer, log aggregation (also known as log forwarding) from an old to a new unit is an alternative to using log restore.
Solution
Backing up Logs, Reports, and Settings (Configuration).
To back up both logs and associated DLP archive files:
execute backup logs <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory>
To back up logs only:
execute backup logs-only <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory>
To back up reports:
execute backup reports <report name or all> <ftp/sftp/scp> <ip> <user name> <password> <directory>
To back up the FortiAnalyzer unit settings to an FTP, SFTP, or SCP server:
When the unit settings are backed up from the vdom_admin account, the backup file contains global settings and the settings for each VDOM.
When the unit settings are backed up from a regular administrator account, the backup file contains the global settings and only the settings for the VDOM to which the administrator belongs.
execute backup all-settings {ftp | sftp} <ip> <string> <username> <password> <crptpasswd>
execute backup all-settings <scp> <ip> <string> <username> <ssh-cert> <crptpasswd>
Restoring Logs, Reports, and Settings (Configuration).
It is recommended to restore the FortiAnalyzer settings before restoring logs.
This ensures that the quotas/log retention policy is properly set before the logs are restored.
To Restore FortiAnalyzer Unit Settings:
execute restore all-settings {ftp | sftp} <ip> <string> <username> <password> <crptpasswd>
execute restore all-settings <scp> <ip> <string> <username> <ssh-cert> <crptpasswd>
To Restore All Logs:
execute restore logs-only <device name(s)| all> <ftp/sftp/scp> <ip> <user name> <password> <directory>
To Restore Reports:
execute restore reports <report name or all> <ftp/sftp/scp> <ip> <user name> <password> <directory>
Example and verification of the backup.
How to create the configuration backup from the GUI:
Note: The logs are not included in this backup.
System Settings -> Dashboard -> System Information widget.
When the backup is successful, the MD5 hash can be found under System Settings -> Event Log.
Using the CLI:
execute backup all-settings ftp 10.109.21.220 / test1 test1
Starting backup all settings in background, please wait.
# Starting transfer the backup file to FTP server...
Transferred 139.237M of 139.237M in 0:00:00s (178.065M/s)
Backup all settings...Ok.
MD5: 635f75d00009242f37684cf0e6018b83
First, start the backup. The name of the backup file is created by the system.
When the backup is successful, an MD5 hash is generated.
The native tools under Linux/GNU distributions and Windows can then be used, as shown below, to check the integrity of the file.
Under Windows PowerShell:
PS C:\Users\fortinet\Downloads> Get-FileHash -Algorithm MD5 .\fmg_clibackup.dat
Algorithm Hash Path
--------- ---- ----
MD5 635F75D00009242F37684CF0E6018B83 C:\Users\fortinet\Downloads\f...
Under Linux:
# md5sum fmg_clibackup.dat > fmg_clibackup.dat.md5sum
# cat fmg_clibackup.dat.md5sum
635f75d00009242f37684cf0e6018b83 fmg_clibackup.dat
Enabling or disabling encryption during the config file backup changes the final checksum value.
Related Articles:
Technical Note: How to check SQL Database rebuild progress on FortiAnalyzer
Technical Note: Forwarding logs between FortiAnalyzers
Technical Tip: How to migrate a FortiAnalyzer logs and config to a new system
Technical Tip : How to reduce FortiManager config backup size (.dat file)
I think a minor reminder could be added to the article:
When performing a backup over FTP without a file name specified in the command "execute backup all-settings {ftp | sftp} ", the FAZ will create the default backup file with the name "fmg_clibackup.dat"; the file name is the same as when the same command is performed on the FMG.