Category Archives: FortiAnalyzer

System Settings – FortiAnalyzer – FortiOS 6.2.3 – Backing up the system

Backing up the system

Fortinet recommends that you back up your FortiAnalyzer configuration to your management computer on a regular basis to ensure that, should the system fail, you can quickly get the system back to its original state with minimal effect on the network. You should also perform a backup after making any changes to the FortiAnalyzer configuration or settings that affect the connected devices.

Fortinet recommends backing up all configuration settings from your FortiAnalyzer unit before upgrading the FortiAnalyzer firmware.

To back up the FortiAnalyzer configuration:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens.
  3. If you want to encrypt the backup file, select the Encryption box, then type and confirm the password you want to use. The password can be a maximum of 63 characters.
  4. Select OK and save the backup file on your management computer.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

System Settings – FortiAnalyzer – Updating The System Firmware – FortiOS 6.2.3

Updating the system firmware

To take advantage of the latest features and fixes, the FortiAnalyzer firmware can be updated. For information about upgrading your FortiAnalyzer device, see the FortiAnalyzer Upgrade Guide or contact Fortinet Customer Service & Support.

Back up the configuration and database before changing the firmware of your FortiAnalyzer unit. Changing the firmware to an older or incompatible version may reset the configuration and database to the default values for that firmware version, resulting in data loss.

Before you can download firmware updates for your FortiAnalyzer unit, you must first register your FortiAnalyzer unit with Customer Service & Support. For details, go to https://support.fortinet.com/ or contact Customer Service & Support.

To update the FortiAnalyzer firmware:

  1. Download the firmware (the .out file) from the Customer Service & Support website, https://support.fortinet.com/.
  2. Go to System Settings > Dashboard.
  3. In the System Information widget, in the Firmware Version field, click Upgrade Firmware. The Firmware Upload dialog box opens.
  4. Drag and drop the file onto the dialog box, or click Browse to locate the firmware package (.out file) that you downloaded from the Customer Service & Support portal and then click Open.
  5. Click OK. Your device will upload the firmware image and you will receive a confirmation message noting that the upgrade was successful.

Optionally, you can upgrade firmware stored on an FTP or TFTP server using the following CLI command:

execute restore image {ftp | tftp} <file path to server> <IP of server> <username on server> <password>

For more information, see the FortiAnalyzer CLI Reference.

  6. Refresh the browser and log back into the device.
  7. Launch the Device Manager module and make sure that all formerly added devices are still listed.
  8. Launch other functional modules and make sure they work properly.
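
A pre-upload integrity check for the downloaded .out file in the procedure above, as an added example that is not part of the original documentation. It assumes you have copied the SHA-512 checksum published for the image from the Customer Service & Support site and that GNU `sha512sum` is available on the management computer; the function name `verify_firmware` is hypothetical.

```shell
#!/bin/sh
# Added example: check a downloaded FortiAnalyzer firmware image before upload.
# Assumption: the expected SHA-512 value was copied from the support portal.

# verify_firmware <image.out> <expected-sha512-hex>
# Returns 0 on a match, 1 on a checksum mismatch, 2 on unusable input.
verify_firmware() {
    image=$1
    # Normalise the expected value: lower-case, no stray whitespace.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d '[:space:]')

    # The upgrade procedure only accepts the .out firmware package.
    case $image in
        *.out) ;;
        *) echo "refusing: $image is not a .out firmware package" >&2; return 2 ;;
    esac
    [ -r "$image" ] || { echo "refusing: cannot read $image" >&2; return 2; }

    # A SHA-512 digest is exactly 128 hexadecimal characters.
    case $expected in
        *[!0-9a-f]*) echo "refusing: expected checksum is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || {
        echo "refusing: expected checksum is not SHA-512 length" >&2
        return 2
    }

    actual=$(sha512sum "$image" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $image matches the published checksum"
        return 0
    fi
    echo "MISMATCH: $image" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage: verify_firmware ./<firmware image>.out <checksum from support portal>
```

Upload the image only when the function returns 0; a return of 1 means the file differs from what was published and should be downloaded again.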


System Settings – FortiAnalyzer – FortiOS 6.2.3 – Configuring The System Time

Configuring the system time

You can either manually set the FortiAnalyzer system time or configure the FortiAnalyzer unit to automatically keep its system time correct by synchronizing with a Network Time Protocol (NTP) server.

To configure the date and time:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the edit system time button next to the System Time.
  3. Configure the following settings to either manually configure the system time, or to automatically synchronize the FortiAnalyzer unit’s clock with an NTP server:

| Setting | Description |
| --- | --- |
| System Time | The date and time according to the FortiAnalyzer unit’s clock at the time that this pane was loaded or when you last clicked the Refresh button. |
| Time Zone | Select the time zone in which the FortiAnalyzer unit is located and whether or not the system automatically adjusts for daylight savings time. |
| Update Time By | Select Set time to manually set the time, or Synchronize with NTP Server to automatically synchronize the time. |
| Set Time | Manually set the date and time. |
| Select Date | Set the date from the calendar or by manually entering it in the format: YYYY/MM/DD. |
| Select Time | Select the time. |
| Synchronize with NTP Server | Automatically synchronize the date and time. |
| Sync Interval | Enter how often, in minutes, the device should synchronize its time with the NTP server. For example, entering 1440 causes the Fortinet unit to synchronize its time once a day. |
| Server | Enter the IP address or domain name of an NTP server. Click the plus icon to add more servers. To find an NTP server that you can use, go to http://www.ntp.org. |

  4. Click the checkmark to apply your changes.


System Settings – FortiAnalyzer – Changing the Host Name

Changing the host name

The host name of the FortiAnalyzer unit is used in several places.

  - It appears in the System Information widget on the dashboard.
  - It is used in the command prompt of the CLI.
  - It is used as the SNMP system name.

The System Information widget and the get system status CLI command will display the full host name. However, if the host name is longer than 16 characters, the CLI and other places display the host name in a truncated form ending with a tilde ( ~ ) to indicate that additional characters exist, but are not displayed. For example, if the host name is FortiAnalyzer1234567890, the CLI prompt would be FortiAnalyzer123456~#.

To change the host name:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the edit host name button next to the Host Name.
  3. In the Host Name box, type a new host name.

The host name may be up to 35 characters in length. It may include US-ASCII letters, numbers, hyphens, and underscores. Spaces and special characters are not allowed.

  4. Click the checkmark to change the host name.


System Information Widget – FortiAnalyzer – FortiOS 6.2.3

System Information widget

The information displayed in the System Information widget is dependent on the FortiAnalyzer model and device settings. The following information is available on this widget:

| Field | Description |
| --- | --- |
| Host Name | The identifying name assigned to this FortiAnalyzer unit. Click the edit host name button to change the host name. For more information, see Changing the host name on page 158. |
| Serial Number | The serial number of the FortiAnalyzer unit. The serial number is unique to the FortiAnalyzer unit and does not change with firmware upgrades. The serial number is used for identification when connecting to the FortiGuard server. |
| Platform Type | Displays the FortiAnalyzer platform type, for example FAZVM64 (virtual machine). |
| HA Status | Displays if the FortiAnalyzer unit is in High Availability mode and whether it is the Master or Slave unit in the HA cluster. |
| System Time | The current time on the FortiAnalyzer internal clock. Click the edit system time button to change system time settings. For more information, see Configuring the system time on page 158. |
| Firmware Version | The version number and build number of the firmware installed on the FortiAnalyzer unit. To update the firmware, you must download the latest version from the Customer Service & Support website at https://support.fortinet.com. Click the update button, then select the firmware image to load from the local hard disk or network volume. For more information, see Updating the system firmware on page 159. |
| System Configuration | The date of the last system configuration backup. The following actions are available: click the backup button to back up the system configuration to a file (see Backing up the system on page 160); click the restore button to restore the configuration from a backup file (see Restoring the configuration on page 160). You can also migrate the configuration to a different FortiAnalyzer model by using the CLI. See Migrating the configuration on page 160. |
| Current Administrators | The number of administrators currently logged in. Click the current session list button to view the session details for all currently logged in administrators. |
| Up Time | The duration of time the FortiAnalyzer unit has been running since it was last started or restarted. |
| Administrative Domain | Displays whether ADOMs are enabled. Toggle the switch to change the Administrative Domain state. See Enabling and disabling the ADOM feature on page 179. |
| Operation Mode | Displays the current operation mode of the FortiAnalyzer. Click the other mode to change to it. For more information on operation modes, see Two operation modes on page 19. |


System Settings – FortiAnalyzer – Dashboard – FortiOS 6.2.3

Dashboard

The Dashboard contains widgets that provide performance and status information and enable you to configure basic system settings.

The following widgets are available:

| Widget | Description |
| --- | --- |
| System Information | Displays basic information about the FortiAnalyzer system, such as up time and firmware version. You can also enable or disable Administrative Domains and adjust the operation mode. For more information, see System Information widget on page 157. From this widget you can manually update the FortiAnalyzer firmware to a different release. For more information, see Updating the system firmware on page 159. The widget fields will vary based on how the FortiAnalyzer is configured, for example, if ADOMs are enabled. |
| System Resources | Displays the real-time and historical usage status of the CPU, memory and hard disk. For more information, see System Resources widget on page 161. |
| License Information | Displays how many devices of the supported maximum are connected to the FortiAnalyzer unit. See License Information widget on page 162. From this widget you can manually upload a license for VM systems. |
| Unit Operation | Displays status and connection information for the ports of the FortiAnalyzer unit. It also enables you to shutdown and restart the FortiAnalyzer unit or reformat a hard disk. For more information, see Unit Operation widget on page 163. |
| Alert Message Console | Displays log-based alert messages for both the FortiAnalyzer unit and connected devices. For more information, see Alert Messages Console widget on page 163. |
| Log Receive Monitor | Displays a real-time monitor of logs received. You can view data per device or per log type. For more information, see Log Receive Monitor widget on page 164. |
| Insert Rate vs Receive Rate | Displays the log insert and receive rates. For more information, see Insert Rate vs Receive Rate widget on page 164. The Insert Rate vs Receive Rate widget is hidden when the FortiAnalyzer is operating in Collector mode, and the SQL database is disabled. |
| Log Insert Lag Time | Displays how many seconds the database is behind in processing the logs. For more information, see Log Insert Lag Time widget on page 165. The Log Insert Lag Time widget is hidden when the FortiAnalyzer is operating in Collector mode, and the SQL database is disabled. |
| Receive Rate vs Forwarding Rate | Displays the Receive Rate, which is the rate at which FortiAnalyzer is receiving logs. When log forwarding is configured, the widget also displays the log forwarding rate for each configured server. For more information, see Receive Rate vs Forwarding Rate widget on page 165. |
| Disk I/O | Displays the disk utilization, transaction rate, or throughput as a percentage over time. For more information, see Disk I/O widget on page 166. |

Customizing the dashboard

The FortiAnalyzer system dashboard can be customized. You can select which widgets to display, where they are located on the page, and whether they are minimized or maximized. It can also be viewed in full screen by selecting the full screen button on the far right side of the toolbar.

| Action | Steps |
| --- | --- |
| Move a widget | Move the widget by clicking and dragging its title bar, then dropping it in its new location. |
| Add a widget | Select Toggle Widgets from the toolbar, then select the name of the widget you need to add. |
| Delete a widget | Click the Close icon in the widget’s title bar. |
| Customize a widget | For widgets with an edit icon, you can customize the widget by clicking the Edit icon and configuring the settings. |
| Reset the dashboard | Select Toggle Widgets > Reset to Default from the toolbar. The dashboards will be reset to the default view. |


Configuring the operation mode – FortiAnalyzer 6.2.3

Configuring the operation mode

The FortiAnalyzer unit has two operation modes: Analyzer and Collector. For more information, see Two operation modes on page 19.

When FortiAnalyzer is operating in Collector mode, the SQL database is disabled by default, so logs that require the SQL database are not available unless the SQL database is enabled.

To change the operation mode:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, select Analyzer or Collector in the Operation Mode field.
  3. Click OK in the confirmation dialog box to change the operation mode.


Migrating the configuration – FortiAnalyzer 6.2.3

Migrating the configuration

You can back up the system of one FortiAnalyzer model, and then use the CLI and the FTP, SCP, or SFTP protocol to migrate the settings to another FortiAnalyzer model.

If you encrypted the FortiAnalyzer configuration file when you created it, you need the password to decrypt the configuration file when you migrate the file to another FortiAnalyzer model.

To migrate the FortiAnalyzer configuration:

  1. In one FortiAnalyzer model, go to System Settings > Dashboard.
  2. Back up the system. See Backing up the system on page 160.
  3. In the other FortiAnalyzer model, go to System Settings > Dashboard.
  4. In the CLI Console widget, type the following command:

execute migrate all-settings <ftp | scp | sftp> <server> <filepath> <user> <password> [cryptpasswd]

