Is there a way to import logs stored in an external storage, into FAZ without having the Fortigate that generated the logs logging to this FAZ ?
Yes. Attached contains the details on how to import logs on a 5.2 FAZ.
Thanks for the response.
I've tried this on FortiAnalyzer 5.2 and this doesn't work, it's needed that the FortiGate that generated the logs, is actually registered on FAZ.
I'm talking about having a dedicated FAZ to reporting (no a single FGT registered), and eventually pulling random logs from an external storage device.
Could you please attach a small sample log that you were tring to import to the FAZ 5.2?
I was able to import your log file on my FAZ-VM that is running 5.4 interim build - see attached screenshots for details. You need to take the following steps:
I am trying to pull the local disk logs from a 3000D to a FAZ VM, both are 5.4.1 and I am getting an internal error on the import. Is there anyway to do this? I have a PoC where the partner did not install a FAZ and the customer wants some really nice reports. It's only 3 days of data but 300-400 Mbps customer environment so should be decent amount of data.
I also get " internal error" message in 5.4.2 build 1151 when I upload the log from other FAZ
I just create a new FAZ from device manager , enter the correct SN but it can't import the log
is it anything wrong ?
I got the same result as you, if I use the following settings for downloading logs:
Log file format = Native Compress With gzip "check"
As a workaround:
Keep log file format as “Native” and uncheck "Compress With gzip", this worked for me. I'll open a Mantis as it seems there is a problem with “gzip”.
Many thanks, Roland
It solved my problem...
Thanks for your advice and support :)
does this procedure for log export/import work for FAZ-to-FAZ only or there is some way to import log backups from FortiGate to FAZ? I just tried to do this but FAZ does not permit log backups from FG. Is it possible at all?