Topic Thread

Expand all | Collapse all

Import Logs from storage into FAZ

  • 1.  Import Logs from storage into FAZ

    Posted 01-14-2016 15:49

    Hey guys,

    Is there a way to import logs stored in an external storage, into  FAZ without having the Fortigate that generated the logs logging to this FAZ ?

    Thanks



  • 2.  RE: Import Logs from storage into FAZ

     
    Posted 01-18-2016 07:20

    Yes. Attached contains the details on how to import logs on a 5.2 FAZ.



  • 3.  RE: Import Logs from storage into FAZ

    Posted 01-19-2016 03:04

    Thanks for the response.

    I've tried this on FortiAnalyzer 5.2 and this doesn't work, it's needed that the FortiGate that generated the logs, is actually registered on FAZ.

    I'm talking about having a dedicated FAZ to reporting (no a single FGT registered), and eventually pulling random logs from an external storage device.



  • 4.  RE: Import Logs from storage into FAZ

     
    Posted 01-19-2016 06:46

    Could you please attach a small sample log that you were tring to import to the FAZ 5.2?



  • 5.  RE: Import Logs from storage into FAZ

    Posted 01-19-2016 08:28

    https://dl.dropboxusercontent.com/u/14535641/FGTADOM3_tlog_from_2015-12-16_18_44_44_to_2016-01-15_18_44_44.log_at_1452912305.log.gz

    Tks !



  • 6.  RE: Import Logs from storage into FAZ

     
    Posted 01-19-2016 11:31

    I was able to import your log file on my FAZ-VM that is running 5.4 interim build - see attached screenshots for details. You need to take the following steps:

    • Add the FGT device: FGVM020000037670  in Device Manager of the FAZ (you can give a bogus IP but the SN needs to be true)
    • Go to Log View to import the log file under the this device name from the import diaglog


  • 7.  RE: Import Logs from storage into FAZ

    Posted 10-20-2016 03:57

    I am trying to pull the local disk logs from a 3000D to a FAZ VM, both are 5.4.1 and I am getting an internal error on the import. Is there anyway to do this? I have a PoC where the partner did not install a FAZ and the customer wants some really nice reports. It's only 3 days of data but 300-400 Mbps customer environment so should be decent amount of data.



  • 8.  RE: Import Logs from storage into FAZ

    Posted 12-22-2016 23:02

    I also get " internal error" message in 5.4.2 build 1151 when I upload the log from other FAZ 

    I just create a new FAZ from device manager , enter the correct SN but it can't import the log

    is it anything wrong ?



  • 9.  RE: Import Logs from storage into FAZ

     
    Posted 12-23-2016 00:43

    Hi Jason

    I got the same result as you, if I use the following settings for downloading logs:

    Log file format = Native
    Compress With gzip "check"

    As a workaround:

    Keep log file format as “Native” and uncheck "Compress With gzip", this worked for me. I'll open a Mantis as it seems there is a problem with “gzip”.

    Many thanks, Roland



  • 10.  RE: Import Logs from storage into FAZ

    Posted 12-26-2016 20:49

    Hi Roland

    It solved my problem...

    Thanks for your advice and support :)

    Jason



  • 11.  RE: Import Logs from storage into FAZ

    Posted 01-24-2017 03:57

    Hi Ling,

    does this procedure for log export/import work for FAZ-to-FAZ only or there is some way to import  log backups from FortiGate to FAZ? I just tried to do this but FAZ does not permit log backups from FG. Is it possible at all?

    Thank you.