Fortinet Document Library

Administration Guide

Importing a log file

Imported log files can be useful when restoring data or loading log data for temporary use. For example, if you have older log files from a device, you can import these logs to the FortiAnalyzer unit so that you can generate reports containing older data.

To insert imported logs into the SQL database, the start-time and rebuild-event-start-time settings under config system sql must be older than the date of the imported logs, and the storage policy for analytic data (the Keep Logs for Analytics field) must also extend back far enough.

To set the SQL start time and rebuild event start time using CLI commands:

    config system sql
        set start-time <start-time-and-date>
        set rebuild-event-start-time <start-time-and-date>
    end

Where <start-time-and-date> is in the format hh:mm yyyy/mm/dd.

To import a log file:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Log View > Log Browse and click Import in the toolbar.
  3. In the Device dropdown list, select the device the imported log file belongs to or select [Take From Imported File] to read the device ID from the log file.

    If you select [Take From Imported File], the log file must contain a device_id field in its log messages.

  4. Drag and drop the log file onto the dialog box, or click Add Files and locate the file to be imported on your local computer.

  5. Click OK. A message appears stating that the upload is beginning and that it will be canceled if you leave the page.
  6. Click OK. The upload time varies depending on the size of the file and the speed of the connection.

    After the log file is successfully uploaded, FortiAnalyzer inspects the file:

    • If the device_id field in the uploaded log file does not match the device, the import fails. Click Return to try again.
    • If you selected [Take From Imported File] and the FortiAnalyzer unit’s device list does not currently contain that device, a message appears after the upload. Click OK to import the log file and automatically add the device to the device list.
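
A pre-import check for the conditions above, as an added example that is not Fortinet code: it reports the earliest log timestamp in the CLI's hh:mm yyyy/mm/dd format and flags lines with a missing or mismatched device_id. It assumes key=value log lines with date= and time= fields (a layout this page does not specify); the function names, sample lines and device IDs are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed layout (not from the page): date=YYYY-MM-DD time=HH:MM:SS device_id=<id> ...
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample lines; the device IDs are placeholders.
SAMPLE = '''\
date=2021-03-14 time=09:15:02 device_id=FGT-EXAMPLE-0001 type=traffic action=accept
date=2021-03-12 time=23:58:41 device_id=FGT-EXAMPLE-0001 type=event action=login
date=2021-03-13 time=10:00:00 type=traffic action=deny
date=2021-03-15 time=01:02:03 device_id="FGT-EXAMPLE-0002" type=traffic action=accept
'''

def preflight(text, expected_device=None, configured_start=None):
    """Return (earliest timestamp, set of device_ids, list of problems)."""
    earliest, device_ids, problems = None, set(), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        f = {k: v.strip('"') for k, v in FIELD.findall(line)}
        try:
            ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            problems.append(f"line {n}: no parseable date/time")
        else:
            earliest = ts if earliest is None else min(earliest, ts)
        dev = f.get("device_id")
        if dev is None:
            # Required when the device is read from the imported file.
            problems.append(f"line {n}: no device_id field")
        else:
            device_ids.add(dev)
            if expected_device and dev != expected_device:
                problems.append(f"line {n}: device_id {dev} != {expected_device}")
    if configured_start and earliest and configured_start >= earliest:
        problems.append("start-time is not older than the earliest log")
    return earliest, device_ids, problems

def cli_time(ts):
    """Format a datetime the way the CLI expects: hh:mm yyyy/mm/dd."""
    return ts.strftime("%H:%M %Y/%m/%d")

if __name__ == "__main__":
    earliest, ids, problems = preflight(SAMPLE, "FGT-EXAMPLE-0001", datetime(2021, 3, 13))
    print("earliest log:", cli_time(earliest), "| device_ids:", sorted(ids))
    for p in problems:
        print("WARN", p)
```

Pick a start-time and rebuild-event-start-time earlier than the reported value, and resolve any device_id warnings before uploading.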
