FortiView

Log details

Log details can be viewed for any of the collected logs. The details provided vary depending on the device and type of log selected. The fields available in this pane cannot be edited or reorganized.

To view log details, select the log in the log message list. When selected in the View menu, the log details frame will be displayed in the lower frame of the content pane. Log details are not available when viewing raw logs.

In the Log View pane, select the Tools button, and select Display Log Details to enable log details display.

Figure 105: Log details

Archive

The Archive tab is displayed next to the Log Details tab in the lower content pane when archived logs are available. The archive icon is displayed in the log entry line to identify that an archive file is available.

Figure 106: Log archive

The name and size of the archived log files are listed in the table. Selecting the download button next to the file name allows you to save the file to your computer.

Depending on the file type of the archived log file, the View Packet Log button may also be available next to the download button. Select this button to open the View Packet Log dialog box, which displays the path and content of the log file.

Figure 107: View packet log

Browsing log files

Go to FortiView > Log View > Log Browse to view log files stored for devices. In this page you can display, download, delete, and import log files.

When a log file reaches its maximum size or a scheduled time, the FortiAnalyzer rolls the active log file by renaming the file. The file name will be in the form of xlog.N.log, where x is a letter indicating the log type, and N is a unique number corresponding to the time the first log entry was received.
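Added example, not part of the original guide: a Python sketch that classifies downloaded log file names by the xlog.N.log rule above and orders rolled files per log type, which helps when assembling a timeline from exported logs. It assumes N is a Unix epoch in seconds and that the active file is named xlog.log; neither is stated in the guide, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# xlog.N.log: x = one letter for the log type, N = number tied to the
# time the first log entry was received.
ROLLED = re.compile(r"^([a-z])log\.(\d{1,10})\.log$")
ACTIVE = re.compile(r"^([a-z])log\.log$")  # assumed name of the active file


def classify(name):
    """Return (type_letter, state, first_entry_utc), or None if the name does not fit."""
    match = ROLLED.match(name)
    if match:
        # Assumption: N is seconds since the Unix epoch.
        started = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
        return match.group(1), "rolled", started
    match = ACTIVE.match(name)
    if match:
        return match.group(1), "active", None
    return None


def timeline(names):
    """Order rolled files per type letter by start time; collect unrecognised names."""
    per_type, unknown = {}, []
    for name in names:
        info = classify(name)
        if info is None:
            unknown.append(name)
        elif info[1] == "rolled":
            per_type.setdefault(info[0], []).append((info[2], name))
    ordered = {t: [n for _, n in sorted(files)] for t, files in per_type.items()}
    return ordered, unknown


# Constructed listing; only vlog.1267852112.log is taken from the guide.
SAMPLE = ["vlog.1267852112.log", "vlog.1267000000.log", "vlog.log",
          "tlog.1267852112.log", "notes.txt"]

if __name__ == "__main__":
    ordered, unknown = timeline(SAMPLE)
    for letter, files in ordered.items():
        print(letter, files)
    print("not a log file name:", unknown)
```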

For information about setting the maximum file size and log rolling options, see “Configuring rolling and uploading of logs” on page 148.

If you display the log messages in formatted view, you can perform all the same actions as with the log message list. See “Viewing log messages” on page 132.

Figure 108: Log file list window

This page displays the following:

Delete: Select the file or files whose log messages you want to delete, then select Delete, and then select OK in the confirmation dialog box.
Display: Select the file whose log messages you want to view, then select Display to open the log message list. For more information, see “Viewing log messages” on page 132.
Download: Download a log file. See “Downloading a log file” on page 147.
Import: Import log files. See “Importing a log file” on page 146.
Search: Search the log files by entering a text value in the search window, such as a device serial number.
Log file list: A list of the log files.
  Device: The device host name.
  Serial Number: The device serial number.
  Type: The log type. For example: Email Filter, Event, Traffic, Web Filter, Virus, Application Control, Data Leak Prevention, etc.
  Log Files: A list of available log files for each device. The current, or active, log file appears as well as rolled log files. Rolled log files include a number in the file name, such as vlog.1267852112.log. If you configure the FortiAnalyzer unit to delete the original log files after uploading rolled logs to an FTP server, only the current log will exist.
  From: The time when the log file began to be generated.
  To: The time when the log file generation ended.
  Size (bytes): The size of the log file, in bytes.
Pagination: Adjust the number of logs that are listed per page and browse through the pages.

Importing a log file

Imported log files can be useful when restoring data or loading log data for temporary use. For example, if you have older log files from a device, you can import these logs to the FortiAnalyzer unit so that you can generate reports containing older data.

Importing log files is also useful when changing your RAID configuration. Changing your RAID configuration reformats the hard disk, erasing the log files. If you back up the log files, after changing the RAID configuration, you can import the logs to restore them to the FortiAnalyzer unit.

To import a log file:

  1. Go to FortiView > Log View > Log Browse.
  2. Select Import in the toolbar.

The Import Log File dialog box opens.

Figure 109: Import log file dialog box

  3. Select the device to which the imported log file belongs from the Device field drop-down list, or select [Take From Imported File] to read the device ID from the log file.

If you select [Take From Imported File], your log file must contain a device_id field in its log messages.

  4. In the File field, select Browse and find the log file on the management computer.
  5. Select OK.

A message appears, stating that the upload is beginning, but will be cancelled if you leave the page.

  6. Select OK.

The upload time varies depending on the size of the file and the speed of the connection.

After the log file has been successfully uploaded, the FortiAnalyzer unit will inspect the file:

  • If the device_id field in the uploaded log file does not match the device, the import will fail. Select Return to attempt another import.
  • If you selected [Take From Imported File], and the FortiAnalyzer unit’s device list does not currently contain that device, a message appears after the upload. Select OK to import the log file and automatically add the device to the device list.
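Added example, not part of the original guide: a Python pre-check you could run on a log file before importing it, to confirm that the device_id field is present (needed for [Take From Imported File]) or matches the device you intend to select. The key=value line layout, the other field names, and the serial numbers are constructed for illustration; refusing mixed device_id values is this example's own stricter rule, not documented FortiAnalyzer behaviour.

```python
import re

# key=value pairs; a value is either a double-quoted string or a bare token.
# Matching quoted values whole keeps a "device_id=" inside a message text
# from being mistaken for the real field.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
TAKE_FROM_FILE = None  # stands for the [Take From Imported File] choice


def device_ids(lines):
    """Yield (line_number, device_id or None) for each non-blank log line."""
    for number, line in enumerate(lines, 1):
        if line.strip():
            value = dict(PAIR.findall(line)).get("device_id")
            yield number, value.strip('"') if value else None


def precheck_import(lines, selected_device=TAKE_FROM_FILE):
    """Return a list of problems; an empty list means the file passes the pre-check."""
    problems, seen = [], set()
    for number, dev in device_ids(lines):
        if dev is None:
            if selected_device is TAKE_FROM_FILE:
                problems.append(f"line {number}: no device_id field")
        elif selected_device is not TAKE_FROM_FILE and dev != selected_device:
            problems.append(f"line {number}: device_id {dev} != {selected_device}")
        else:
            seen.add(dev)
    if selected_device is TAKE_FROM_FILE and len(seen) > 1:
        # Stricter than the guide requires: refuse files that mix sources.
        problems.append(f"mixed device_id values: {sorted(seen)}")
    return problems


# Constructed sample lines; the serial numbers are placeholders.
SAMPLE = [
    'date=2010-03-06 time=05:08:32 device_id=FGT-EXAMPLE-0001 type=event msg="login ok"',
    'date=2010-03-06 time=05:08:40 device_id=FGT-EXAMPLE-0001 type=event '
    'msg="note device_id=FGT-EXAMPLE-9999"',
    'date=2010-03-06 time=05:09:02 type=event msg="line without the field"',
]

if __name__ == "__main__":
    for problem in precheck_import(SAMPLE):
        print(problem)
```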
Downloading a log file

You can download a log file to save it as a backup or for use outside the FortiAnalyzer unit. The download consists of either the entire log file, or a partial log file, as selected by your current log view filter settings and, if downloading a raw file, the time span specified.

To download a log file:

  1. Go to FortiView > Log View > Log Browse.
  2. Select the specific log file that you need to download, then select Download from the toolbar.

The Download Log File dialog box opens.

Figure 110: Download log file dialog box

  3. Select the log file format, either text, Native, or CSV.
  4. Select Compress with gzip to compress the log file.
  5. Select Apply to download the log file.

If prompted by your web browser, select a location in which to save the file, or open the file without saving.

FortiClient logs

The FortiAnalyzer unit can receive FortiClient logs uploaded through TCP port 514. The FortiClient logs can be downloaded from Log View > FortiClient.

Figure 111: FortiClient logs

To download a FortiClient log file, select the desired log from the list, then select Download from the toolbar. In the confirmation dialog box, select if you want to compress the log file with gzip, then select Apply to download the log file.

For more information, see the FortiClient Administration Guide.



About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
