You can configure supported devices to send logs to the FortiAnalyzer device. These devices are displayed in the root ADOM as unauthorized devices. You can quickly view unauthorized devices by clicking Unauthorized Devices in the quick status bar. You must authorize the devices before FortiAnalyzer can start receiving logs from the devices.
When ADOMs are enabled, you can assign the device to an ADOM. When authorizing multiple devices at one time, they are all added to the same ADOM.
By default, FortiAnalyzer expects you to use the default admin account with no password. If the default admin account is no longer usable, or you have changed the password, the device authorization process fails. If the device authorization fails, delete the device from FortiAnalyzer, and add the device again by using the Add Device wizard, where you can specify the admin login and password.
When you delete a device or VDOM from the FortiAnalyzer unit, its raw log files are also deleted. SQL database logs are not deleted.
To authorize devices:
- In the root ADOM, go to Device Manager and click Unauthorized Devices in the quick status bar. The content pane displays the unauthorized devices.
- If necessary, select the Display Hidden Devices check box to display hidden unauthorized devices.
- Select the unauthorized device or devices, then click Authorize. The Authorize Device dialog box opens.
- If ADOMs are enabled, select the ADOM in the Add the following device(s) to ADOM list. If ADOMs are disabled, select root. The default value is None.
If you try to authorize devices having different firmware versions than the selected ADOM version, the system shows a Version Mismatch Warning confirmation dialog.
If you authorize the devices in spite of the warning, the configuration syntax may not be fully supported in the selected ADOM.
- Click OK to authorize the device or devices.
The device or devices are authorized, and FortiAnalyzer can start receiving logs from the device or devices.