
Administration Guide

FortiAnalyzer Features

FortiAnalyzer features can be enabled either for a FortiManager unit or for managed FortiAnalyzer units, but not for both at the same time. The features can be used to view and analyze logs from devices with logging enabled that are managed by the FortiManager.

When the features are enabled manually, logs are stored and FortiAnalyzer features are configured on the FortiManager.

When the features are enabled by adding a FortiAnalyzer to the FortiManager, logs are stored and log storage settings are configured on the FortiAnalyzer device. Managed devices with logging enabled send logs to the FortiAnalyzer. The FortiManager remotely accesses logs on the FortiAnalyzer unit and displays the information. See Adding FortiAnalyzer devices.

When FortiAnalyzer features are enabled, the following modules are available:

FortiView

View summaries of log data. For example, you can view top threats to your network, top sources of network traffic, top destinations of network traffic, and so on. See the FortiAnalyzer Administration Guide.

NOC - SOC

View multiple panes of network activity, including monitoring network security, WiFi security, and system performance. See the FortiAnalyzer Administration Guide.

Log View

View log messages from managed devices with logging enabled. You can view the traffic log, event log, or security log information. See the FortiAnalyzer Administration Guide.

Event Manager

View events from logs that you want to monitor. You can specify what log messages to display as events by configuring event handlers. See the FortiAnalyzer Administration Guide.

Reports

Generate reports of data from logs. See the FortiAnalyzer Administration Guide.

When FortiAnalyzer features are manually enabled, the following options are available on the System Settings module:

Dashboard widgets

The following widgets can be added to the dashboard: Log Receive Monitor, Insert Rate vs Receive Rate, Log Insert Lag Time, Receive Rate vs Forwarding Rate, and Disk I/O.

The License Information widget will include a Logging section. See Dashboard.

Logging Topology

View the logging topology. See Logging Topology.

Storage Info

View and configure log storage policies. See the FortiAnalyzer Administration Guide.

This pane is only available when ADOMs are enabled.

Fetcher Management

Configure log fetching. See Fetcher Management.

Device Log Settings

Configure device log file size, log rolling, and scheduled uploads to a server. See Device logs.

File Management

Configure the automatic deletion of device log files, quarantined files, reports, and content archive files after a set period of time. See File Management.

Various other settings and information will be included on the FortiManager when FortiAnalyzer features are enabled.
