Fortinet Document Library
Table of Contents
What’s New in FortiAnalyzer
FortiAnalyzer 6.0.8
FortiAnalyzer 6.0.7
FortiAnalyzer 6.0.6
FortiAnalyzer 6.0.5
FortiAnalyzer 6.0.4
FortiAnalyzer 6.0.3
FortiAnalyzer 6.0.2
FortiAnalyzer 6.0.1
System Settings
NOC - SOC
FortiView
FortiAnalyzer 6.0.0
Incident Detection & Response
FortiAnalyzer High Availability
Secure Syslog Forwarding
Setting up FortiAnalyzer
Connecting to the GUI
Security considerations
Restricting GUI access by trusted host
Other security considerations
GUI overview
Panes
Color themes
Full-screen mode
Switching between ADOMs
Using the right-click menu
Avatars
Showing and hiding passwords
Target audience and access level
Initial setup
FortiManager features
Enable or disable FortiManager features
Next steps
Restarting and shutting down
FortiAnalyzer Key Concepts
Two operation modes
Analyzer mode
Collector mode
Analyzer and Collector feature comparison
Analyzer–Collector collaboration
Administrative domains
Log storage
SQL database
Archive logs and Analytics logs
Data policy and automatic deletion
Disk utilization for Archive and Analytic logs
NOC/SOC dashboard
Device Manager
ADOMs
FortiClient EMS devices
Unregistered devices
Using FortiManager to manage FortiAnalyzer devices
Adding devices
Adding devices using the wizard
Adding devices manually
Adding an HA cluster
Managing devices
Using the quick status bar
Using the toolbar
Editing device information
Displaying historical average log rates
Connecting to a registered device GUI
Fabric View
Fabric Connectors
ITSM
Creating or editing ITSM connectors
Fortinet Security Fabric
Adding a Security Fabric group
Displaying Security Fabric topology
Log View and Log Quota Management
Types of logs collected for each device
Log messages
Viewing the log message list of a specific log type
Viewing message details
Customizing displayed columns
Filtering messages
Viewing historical and real-time logs
Viewing raw and formatted logs
Custom views
Downloading log messages
Creating charts
Log groups
Log browse
Importing a log file
Downloading a log file
Deleting log files
Log and file storage
Disk space allocation
Log and file workflow
Automatic deletion
Logs for deleted devices
Log storage information
Storage information
Configuring log storage policy
Event and Incident Management
Event handlers
Predefined event handlers
FortiGate event handlers
Creating a custom event handler
Using the Generic Text Filter in an event handler
Managing event handlers
Enabling event handlers
Cloning event handlers
Resetting to factory defaults
Events
All Events
Filtering events
Event details
Acknowledging events
Calendar View
Incidents
Raising an incident
Analyzing an incident
Configuring incident settings
NOC - SOC Monitoring
NOC - SOC dashboards and widgets
NOC - SOC dashboards
Security Monitor
Compromised Hosts Monitor
Vulnerabilities Monitor
Security Fabric
WiFi Monitor
System
Threat Research
Using the NOC - SOC dashboard
Customizing the NOC - SOC dashboard
FortiView
How ADOMs affect the FortiView pane
Logs used for FortiView
FortiView summary list and description
Using FortiView
FortiView Summary page
Viewing FortiView summaries
Filtering FortiView summaries
Viewing related logs
Exporting filtered summaries
Viewing Compromised Hosts
Monitoring resource usage of devices
Examples of using FortiView
Finding application and user information
Finding unsecured wireless access points
Analyzing and reporting on network traffic
Viewing vulnerabilities with high severity and frequency
Reports
How ADOMs affect reports
Predefined reports, templates, charts, and macros
Logs used for reports
How charts and macros extract data from logs
How auto-cache works
Generating reports
Viewing completed reports
Enabling auto-cache
Grouping reports
Retrieving report diagnostic logs
Auto-Generated Reports
Scheduling reports
Creating reports
Creating reports from report templates
Creating reports by cloning and editing
Creating reports without using a template
Reports Settings tab
Customizing report cover pages
Reports Layout tab
Filtering report output
Managing reports
Organizing reports into folders
Importing and exporting reports
Report template library
Creating report templates
Viewing sample reports for predefined report templates
Managing report templates
List of report templates
Chart library
Creating charts
Managing charts
Macro library
Creating macros
Managing macros
Datasets
Creating datasets
Viewing the SQL query of an existing dataset
SQL query functions
Managing datasets
Output profiles
Creating output profiles
Managing output profiles
Report languages
Exporting and modifying a language
Importing a language
Report calendar
Viewing all scheduled reports
Managing report schedules
System Settings
Dashboard
Customizing the dashboard
System Information widget
Changing the host name
Configuring the system time
Updating the system firmware
Backing up the system
Restoring the configuration
Migrating the configuration
Configuring the operation mode
System Resources widget
License Information widget
Unit Operation widget
CLI Console widget
Alert Messages Console widget
Log Receive Monitor widget
Insert Rate vs Receive Rate widget
Log Insert Lag Time widget
Receive Rate vs Forwarding Rate widget
Disk I/O widget
Logging Topology
Network
Configuring network interfaces
Disabling ports
Changing administrative access
Static routes
RAID Management
Supported RAID levels
Configuring the RAID level
Monitoring RAID status
Swapping hard disks
Adding hard disks
Administrative Domains
Default ADOMs
Organizing devices into ADOMs
FortiClient support and ADOMs
Enabling and disabling the ADOM feature
ADOM device modes
Managing ADOMs
Creating ADOMs
Assigning devices to an ADOM
Assigning administrators to an ADOM
Editing an ADOM
Deleting ADOMs
Certificates
Local certificates
CA certificates
Certificate revocation lists
Log Forwarding
Modes
Configuring log forwarding
Managing log forwarding
Fetcher Management
Fetching profiles
Fetch requests
Synchronizing devices and ADOMs
Request processing
Fetch monitoring
Event Log
Event log filtering
Task Monitor
SNMP
SNMP agent
SNMP v1/v2c communities
SNMP v3 users
SNMP MIBs
SNMP traps
Fortinet & FortiAnalyzer MIB fields
Mail Server
Syslog Server
Meta Fields
Device logs
Configuring rolling and uploading of logs using the GUI
Configuring rolling and uploading of logs using the CLI
File Management
Advanced Settings
Administrators
Trusted hosts
Monitoring administrators
Disconnecting administrators
Managing administrator accounts
Creating administrators
Editing administrators
Deleting administrators
Administrator profiles
Permissions
Privacy Masking
Creating administrator profiles
Editing administrator profiles
Cloning administrator profiles
Deleting administrator profiles
Authentication
Public Key Infrastructure
Managing remote authentication servers
Editing remote authentication servers
Deleting remote authentication servers
LDAP servers
RADIUS servers
TACACS+ servers
Remote authentication server groups
Global administration settings
Password policy
Password lockout and retry attempts
GUI language
Idle timeout
Two-factor authentication
Configuring FortiAuthenticator
Configuring FortiAnalyzer
High Availability
Configuring HA options
Log synchronization
Configuration synchronization
Monitoring HA status
If the primary unit fails
Load balancing
Upgrading the FortiAnalyzer firmware for an operating cluster
Collectors and Analyzers
Configuring the Collector
Configuring the Analyzer
Fetching logs from the Collector to the Analyzer
Appendix A - Supported RFC Notes
FortiAnalyzer 6.0.8
Administration Guide
FortiAnalyzer 6.0.6
FortiAnalyzer 6.0.6 includes no new features.