Log fetching allows administrators to retrieve archived logs from one FortiAnalyzer device to another. The fetching FortiAnalyzer can query the server FortiAnalyzer and retrieve the log data for a specified device and time period, based on specified filters. The retrieved data are then indexed, and can be used for data analysis and reports.
The following is an overview of the log fetch workflow.
- Preparing the log fetch:
- Identify what is to be fetched, including the log device, time period, log type, and the size of the log.
- Prepare the local FortiAnalyzer by allocating enough storage to the ADOM that will receive the logs.
- Creating an admin on the remote FortiAnalyzer.
- Creating a fetch profile on the local FortiAnalyzer.
- Requesting a log fetch.
- Reviewing and approving fetch requests.
- Performing post request actions.