Fortinet black logo

Administration Guide

Archive logs and Analytics logs

Archive logs and Analytics logs

Logs in FortiAnalyzer are in one of the following phases. You can specify how long logs remain in each phase.

  • Analytics logs: Indexed in the SQL database and online
  • Archive logs: Compressed on hard disks and offline

In the indexed phase, logs are indexed in the SQL database for a specified length of time for the purpose of analysis. Logs in the indexed phase in the SQL database are considered online and you can view details about these logs in the FortiView, Log View, and Event Manager pane. You can also generate reports about the logs in the Reports pane.

In the compressed phase, logs are compressed and archived in FortiAnalyzer disks for a specified length of time for the purpose of retention. Logs in the compressed phase are considered offline and you cannot immediately view details about these logs in the FortiView, Log View, and Event Manager pane. You also cannot generate reports about the logs in the Reports pane.

Use a data policy to control how long to retain Archive and Analytics logs.

Archive logs and Analytics logs

Logs in FortiAnalyzer are in one of the following phases. You can specify how long logs remain in each phase.

  • Analytics logs: Indexed in the SQL database and online
  • Archive logs: Compressed on hard disks and offline

In the indexed phase, logs are indexed in the SQL database for a specified length of time for the purpose of analysis. Logs in the indexed phase in the SQL database are considered online and you can view details about these logs in the FortiView, Log View, and Event Manager pane. You can also generate reports about the logs in the Reports pane.

In the compressed phase, logs are compressed and archived in FortiAnalyzer disks for a specified length of time for the purpose of retention. Logs in the compressed phase are considered offline and you cannot immediately view details about these logs in the FortiView, Log View, and Event Manager pane. You also cannot generate reports about the logs in the Reports pane.

Use a data policy to control how long to retain Archive and Analytics logs.