FortiSIEM Miscellaneous Operations

Miscellaneous Operations
Exporting Events to Files

You can run the phExportEvent tool from a Supervisor or Worker node to export events to CSV files. The file will contain these fields:

phExportEvent Command Description
DESTINATION_DIR Destination directory where the exported event files are saved
START_TIME Starting time of events to be exported. The format is YYYY-MM-DD HH:MM:SS {+|-} TZ. If TZ is not given, local time zone of the machine where the script is running will be used. Example: 2010-03-10 23:00:00 -8 means Pacific Standard Time, 23:00:00 03/10/2010. 2010-07-29 10:20:00 +5:30 means India Standard Time 10:20:00 07/29/2010.
RELATIVE_START_TIME Starting time of events to be exported relative backward to the end time as specified using –endtime END_TIME

. The format is

where NUM is the number of days or hours or minutes. For example, –relstarttime 5d means the starting time is 5 days prior to the ending time.

END_TIME Ending time of events to be exported. The format is the same as START_TIME.
RELATIVE_END_TIME Ending time of events to be exported relative forward to the start time as specified using START_TIME. The format is same as RELATIVE_START_TIME.
DEVICE_NAME Host name or IP address of the device with the events to be exported. Use a comma-separated list to specify multiple IPs or host names, for example, –dev 10.1.1.1,10.10.10.1,router1,router2. Host name is case insensitive
ORGANIZATION_NAME Used only for multi-tenant deployments. The name of the organization with the events to be exported. To specify multiple organizations, enter a commandeach for one organization, for example, –org “Public Bank” –org “Private Bank”. The organization name is case insensitive.
TIME_ZONE Specifies the time zone used to format the event received time in the exported event files. The format is {+|-}TZ, for example, -8 means Pacific Standard Time, +5:30 means India Standard Time.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Name *
Email *
Website

This site uses Akismet to reduce spam. Learn how your comment data is processed.