Fortinet black logo

Administration Guide

Configuring the Analyzer

Configuring the Analyzer

To configure the Analyzer:
  1. Ensure the FortiAnalyzer Operation Mode is Analyzer. See Configuring the operation mode
  2. Check and configure the storage policy for the Analyzer. See Log storage information.

    For the Analyzer you should allocate most of the disk space for Analytics logs. You may want to keep the Analytics logs for 30–90 days. After this initial configuration, you can monitor the storage usage and adjust it as you go.

    Following is a storage configuration example of the Analyzer.

  3. Make sure that the aggregation service is enabled on the Analyzer. If not, use this CLI command to enable it:

    config system log-forward-service

    set accept-aggregation enable

    end

  4. Add the FortiGate device of the remote office that the Collector will forward logs for. See Authorizing devices.

Once the FortiGate of the remote office is added, the Analyzer starts receiving its logs from the Collector.

Configuring the Analyzer

Configuring the Analyzer

To configure the Analyzer:
  1. Ensure the FortiAnalyzer Operation Mode is Analyzer. See Configuring the operation mode
  2. Check and configure the storage policy for the Analyzer. See Log storage information.

    For the Analyzer you should allocate most of the disk space for Analytics logs. You may want to keep the Analytics logs for 30–90 days. After this initial configuration, you can monitor the storage usage and adjust it as you go.

    Following is a storage configuration example of the Analyzer.

  3. Make sure that the aggregation service is enabled on the Analyzer. If not, use this CLI command to enable it:

    config system log-forward-service

    set accept-aggregation enable

    end

  4. Add the FortiGate device of the remote office that the Collector will forward logs for. See Authorizing devices.

Once the FortiGate of the remote office is added, the Analyzer starts receiving its logs from the Collector.