To ensure logs are synchronized among all HA units, FortiAnalyzer HA synchronizes logs in two states: initial synchronization and real-time synchronization. These are controlled by the Initial Sync and Log Data Sync fields in the System Settings > HA, Settings pane.
The Initial Sync setting is mainly for the initial setup of the HA cluster. When Initial Sync is turned on for a unit and you add that unit to an HA cluster, the primary unit synchronizes its logs with the new unit.
After Initial Sync is complete, the backup unit automatically reboots. After the reboot, the backup unit rebuilds its log database with the synchronized logs.
After the initial log synchronization, the HA cluster goes into real-time log synchronization state.
Log Data Sync is turned on by default for all units in the HA cluster.
When Log Data Sync is turned on in the primary unit, the primary unit forwards logs in real time to all backup units. This ensures that the logs in the primary and backup units are synchronized.
Log Data Sync is turned on by default in backup units so that if the primary unit fails, the backup unit selected to be the new primary unit will continue to synchronize logs with backup units.
If you want to use a FortiAnalyzer unit as a standby unit (not as a backup unit), you don't need real-time log synchronization, so you can turn off Log Data Sync.