Filter
Top Products
System Config
FortiAnalyzer Version 3.0 MR7 Administration Guide
05-30007-0082-20080908 59
For example, a company may have a headquarters and a number of branch
offices. Each branch office has a FortiGate unit and a FortiAnalyzer-100A/100B to
collect local log information. Those branch office FortiAnalyzer units are
configured as log aggregation clients. The headquarters has a
FortiAnalyzer-2000/2000A which is configured as a log aggregator. The log
aggregator collects logs from each of the branch office log aggregation clients,
enabling headquarters to run reports that reflect all offices.
Figure 31: Example log aggregation topology
All FortiAnalyzer models can be configured as a log aggregation client, but log
aggregation server support varies by FortiAnalyzer model, due to storage and
resource requirements.
Note: For more information about log aggregation port numbers, see the Knowledge
Center article Traffic Types and TCP/UDP Ports used by Fortinet Products.
FortiAnalyzer Model Aggregation Client Aggregation Server
FortiAnalyzer-100A/100B Yes No
FortiAnalyzer-400 Yes No
FortiAnalyzer-800/800B Yes Yes
FortiAnalyzer-2000/2000A Yes Yes
FortiAnalyzer-4000/4000A Yes Yes