Administration Guide

Fetch requests

A fetch request requests archived logs from the fetch server configured in the selected fetch profile. When making the request, the ADOM on the fetch server the logs are fetched from must be specified. An ADOM on the fetching client must be specified or, if needed, a new one can be created. If logs are being fetched to an existing local ADOM, you must ensure the ADOM has enough disk space for the incoming logs.

The data policy for the local ADOM on the client must also cover the time period being fetched. It must keep both archive and analytics logs long enough that the fetched logs are not deleted under the policy. For example: today is July 1, the ADOM's data policy is configured to keep analytics logs for 30 days (June 1 - 30), and you need to fetch logs from the first week of May. The data policy of the ADOM must be adjusted to keep analytics and archive logs for at least 62 days to cover the entire time span. Otherwise, the fetched logs will be automatically deleted after they are fetched.
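The retention check above can be scripted as a pre-flight step before an investigation pulls old logs. This is an added example, not Fortinet code: the function names, the sample year and the device name are constructed, and inclusive day counting is an assumption chosen because it reproduces the 62-day figure in the example above.

```python
from datetime import date

MAX_DEVICES = 256  # per-request device limit stated on this page


def required_retention_days(today: date, fetch_start: date) -> int:
    """Days of retention needed so logs dated fetch_start are still kept today.

    Counted inclusively (assumption), which reproduces the page's
    figure of 62 days for May 1 through July 1.
    """
    if fetch_start > today:
        raise ValueError("fetch period starts in the future")
    return (today - fetch_start).days + 1


def preflight(today, fetch_start, analytics_days, archive_days, devices):
    """Return a list of problems to fix before sending the fetch request."""
    problems = []
    need = required_retention_days(today, fetch_start)
    # Both log types must outlive the oldest fetched entry.
    for kind, keep in (("analytics", analytics_days), ("archive", archive_days)):
        if keep < need:
            problems.append(
                f"{kind} retention is {keep} days, need at least {need}: "
                "fetched logs would be deleted after arrival"
            )
    if not devices:
        problems.append("no devices selected")
    elif len(devices) > MAX_DEVICES:
        problems.append(f"{len(devices)} devices selected, limit is {MAX_DEVICES}")
    return problems


if __name__ == "__main__":
    # Constructed sample: the page's July 1 / first-week-of-May scenario.
    for p in preflight(date(2024, 7, 1), date(2024, 5, 1), 30, 365, ["FGT-A"]):
        print(p)
```
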

To send a fetch request:
  1. On the fetch client, go to System Settings > Fetcher Management and select the Profiles tab.
  2. Select the profile, then click Request Fetch in the toolbar, or right-click and select Request Fetch from the menu. The Fetch Logs dialog box opens.

  3. Configure the following settings, then click Request Fetch.

    The request is sent to the fetch server. The status of the request can be viewed in the Sessions tab.

    Name: Displays the name of the fetch server you have specified.

    Server IP: Displays the IP address of the server you have specified.

    User: Displays the username of the server administrator you have provided.

    Secure Connection: Select to use an SSL connection to transfer fetched logs from the server.

    Server ADOM: Select the ADOM on the server the logs will be fetched from. Only one ADOM can be fetched from at a time.

    Local ADOM: Select the ADOM on the client where the logs will be received. Either select an existing ADOM from the dropdown list, or create a new ADOM by entering a name for it into the field.

    Devices: Add the devices and/or VDOMs that the logs will be fetched from. Up to 256 devices can be added. Click Select Device, select devices from the list, then click OK.

    Enable Filters: Select to enable filters on the logs that will be fetched. Select All or Any of the Following Conditions in the Log messages that match field to control how the filters are applied to the logs. Add filters to the table by selecting the Log Field, Match Criteria, and Value for each filter.

    Time Period: Specify what date and time range of log messages to fetch.

    Index Fetch Logs: If selected, the fetched logs will be indexed in the SQL database of the client once they are received. Select this option unless you want to manually index the fetched logs.
