Fortinet 3.0 MR7 Network Card User Manual


 
FortiAnalyzer Version 3.0 MR7 Administration Guide
60 05-30007-0082-20080908
Config System
Configuring an aggregation client
An aggregation client is a FortiAnalyzer unit that sends logs to an aggregation
server. These include models such as the FortiAnalyzer-100A/100B and
FortiAnalyzer-400.
To configure the aggregation client
1 Go to System > Config > Log Aggregation.
2 Select Enable log aggregation TO remote FortiAnalyzer.
3 Set the following settings and select OK:
    Remote FortiAnalyzer IP: Enter the IP address of the FortiAnalyzer unit acting as the aggregation server.
    Password: Enter the password for the aggregation server.
    Confirm Password: Enter the password again for the aggregation server.
    Aggregation daily at: Select the time of the day when the aggregation client uploads the logs to the aggregation server.
    Aggregate Now: Select to send the logs to the aggregation server immediately. Use this when you want to create a report on the server with the most current log data.
Configuring an aggregation server
An aggregation server is a FortiAnalyzer unit that receives the logs sent from an
aggregation client. FortiAnalyzer-800/800B models and higher can be configured
as aggregation servers.
To configure the aggregation server
1 Go to System > Config > Log Aggregation.
2 Select Enable log aggregation TO this FortiAnalyzer.
3 Set the following settings and select OK:
    Password: Enter the password for the aggregation server.
    Confirm Password: Enter the password again for the aggregation server.
Configuring log forwarding
Log forwarding sends duplicates of log messages received by the FortiAnalyzer
unit to a separate Syslog server. This can be useful for additional log storage or
processing.
The log forwarding destination (Remote device IP) may receive either a full
duplicate or a subset of those log messages that are received by the FortiAnalyzer
unit. Log messages are forwarded only if they meet or exceed the Minimum
Severity threshold.
Log forwarding is similar to log uploading or log aggregation, but log forwards are
sent as individual Syslog messages, not whole log files over FTP, SFTP, or SCP,
and not as batches of log files.
To forward log events
1 Go to System > Config > Log Forwarding.
2 Select Enable log forwarding to remote log server.
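An added example, not taken from the Fortinet guide: a check run on the receiving Syslog server to confirm that forwarded messages respect the Minimum Severity threshold described in the log forwarding section. It assumes each forwarded message begins with a standard syslog `<PRI>` header and uses the RFC 5424 severity names; the sample lines and the host name `faz-example` are constructed.

```python
import re
from collections import Counter

# RFC 5424 severity names in numeric order: 0 is the most severe.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def parse_pri(line):
    """Return (facility, severity, rest), or None if there is no valid PRI."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # largest legal value is facility 23, severity 7
        return None
    return pri >> 3, pri & 7, m.group(2)


def audit(lines, minimum_severity):
    """Sort received lines into expected, below-threshold and unparsable."""
    limit = SEVERITIES.index(minimum_severity)
    report = {"ok": Counter(), "below_threshold": [], "unparsable": []}
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            report["unparsable"].append(line)
            continue
        severity = parsed[1]
        # "Meets or exceeds" the threshold means numerically <= the limit.
        if severity <= limit:
            report["ok"][SEVERITIES[severity]] += 1
        else:
            report["below_threshold"].append(line)
    return report


# Constructed sample lines (not real device output).
SAMPLE = [
    "<132>Sep  8 10:00:01 faz-example constructed warning message",
    "<131>Sep  8 10:00:02 faz-example constructed error message",
    "<134>Sep  8 10:00:03 faz-example constructed informational message",
    "no priority header here",
]

if __name__ == "__main__":
    print(audit(SAMPLE, "warning"))
```

Entries in `below_threshold` point to a threshold that is set lower than intended or to another sender using the same destination; entries in `unparsable` are worth inspecting before they reach downstream processing.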