FortiAnalyzer Version 3.0 MR3 Administration Guide
52 05-30003-0082-20060925
Configuring the FortiAnalyzer unit Configure the FortiAnalyzer unit
Figure 16: Log aggregation diagram
Log aggregation enables the branch office FortiAnalyzer units to send or upload
their logs at regular intervals to the headquarter FortiAnalyzer unit. This provides a
central storage location as well as a method of running reports that include data
from all branch offices in a single report.
Log aggregation involves an aggregation client (branch office) and an aggregation
server (headquarters). The aggregation client sends all log information for the
registered devices using SSH on port 22. This does not include quarantined files.
It does include the active log to the point of aggregation (tlog.log for example) and
all rolled logs available on the client hard disk (tlog.1.log, tlog.2.log, etc.).
Subsequent log uploads will only include the most recent updates. The
FortiAnalyzer unit will not resend all logs again.
On the aggregation server, additional devices will appear in the devices list. You
can easily identify these devices as the Rx and Tx icons are empty.
Configuring an aggregation client
The aggregation client is the FortiAnalyzer unit that sends logs to a aggregation
server. These would include units such as the FortiAnalyzer-100A/100B or
FortiAnalyzer-400.
To configure the aggregation client
1 Go to System > Config > Log Aggregation.
2 Select Enable log aggregation TO remote FortiAnalyzer
To Next Page
Loading...
Need help?
General