Fortinet white logo
Fortinet white logo

Administration Guide

Importing a log file

Importing a log file

Imported log files can be useful when restoring data or loading log data for temporary use. For example, if you have older log files from a device, you can import these logs to the FortiAnalyzer unit so that you can generate reports containing older data.

Log files can also be imported into a different FortiAnalyzer unit. Before importing the log file you must add all devices included in the log file to the importing FortiAnalyzer.

To insert imported logs into the SQL database, the config system sql start-time and rebuild-event-start-time must be older than the date of the logs that are imported and the storage policy for analytic data (the Keep Logs for Analytics field) must also extend back far enough.

To set the SQL start time and rebuild event start time using CLI commands:

config system sql

set start-time <start-time-and-date>

set rebuild-event-start-time <start-time-and-date>

end

Where <start-time-and-date> is in the format hh:mm yyyy/mm/dd.

To import a log file:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Log View > Log Browse and click Import in the toolbar.
  3. In the Device dropdown list, select the device the imported log file belongs to or select [Take From Imported File] to read the device ID from the log file.

    If you select [Take From Imported File], the log file must contain a device_id field in its log messages.

  4. Drag and drop the log file onto the dialog box, or click Add Files and locate the file to be imported on your local computer.

  5. Click OK. A message appears, stating that the upload is beginning, but will be canceled if you leave the page.
  6. Click OK. The upload time varies depending on the size of the file and the speed of the connection.

    After the log file is successfully uploaded, FortiAnalyzer inspects the file:

    • If the device_id field in the uploaded log file does not match the device, the import fails. Click Return to try again.
    • If you selected [Take From Imported File] and the FortiAnalyzer unit’s device list does not currently contain that device, an error is displayed stating Invalid Device ID.

Importing a log file

Importing a log file

Imported log files can be useful when restoring data or loading log data for temporary use. For example, if you have older log files from a device, you can import these logs to the FortiAnalyzer unit so that you can generate reports containing older data.

Log files can also be imported into a different FortiAnalyzer unit. Before importing the log file you must add all devices included in the log file to the importing FortiAnalyzer.

To insert imported logs into the SQL database, the config system sql start-time and rebuild-event-start-time must be older than the date of the logs that are imported and the storage policy for analytic data (the Keep Logs for Analytics field) must also extend back far enough.

To set the SQL start time and rebuild event start time using CLI commands:

config system sql

set start-time <start-time-and-date>

set rebuild-event-start-time <start-time-and-date>

end

Where <start-time-and-date> is in the format hh:mm yyyy/mm/dd.

To import a log file:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Log View > Log Browse and click Import in the toolbar.
  3. In the Device dropdown list, select the device the imported log file belongs to or select [Take From Imported File] to read the device ID from the log file.

    If you select [Take From Imported File], the log file must contain a device_id field in its log messages.

  4. Drag and drop the log file onto the dialog box, or click Add Files and locate the file to be imported on your local computer.

  5. Click OK. A message appears, stating that the upload is beginning, but will be canceled if you leave the page.
  6. Click OK. The upload time varies depending on the size of the file and the speed of the connection.

    After the log file is successfully uploaded, FortiAnalyzer inspects the file:

    • If the device_id field in the uploaded log file does not match the device, the import fails. Click Return to try again.
    • If you selected [Take From Imported File] and the FortiAnalyzer unit’s device list does not currently contain that device, an error is displayed stating Invalid Device ID.