You can configure supported devices to send logs to the FortiAnalyzer device. These devices are displayed in the root ADOM as unauthorized devices. You can quickly view unauthorized devices by clicking Unauthorized Devices in the quick status bar. You must authorize the devices before FortiAnalyzer can start receiving logs from the devices.
When ADOMs are enabled, you can assign the device to an ADOM. When authorizing multiple devices at one time, they are all added to the same ADOM.
When you delete a device or VDOM from the FortiAnalyzer unit, its raw log files are also deleted. SQL database logs are not deleted.
To authorize devices:
- In the root ADOM, go to Device Manager and click Unauthorized Devices in the quick status bar. The content pane displays the unauthorized devices.
- If necessary, select the Display Hidden Devices check box to display hidden unauthorized devices.
- Select the unauthorized device or devices, then click Authorize. The Authorize Device dialog box opens.
- If ADOMs are enabled, select the ADOM in the Add the following device(s) to ADOM list. If ADOMs are disabled, select root.
- Click OK to authorize the device or devices.
The device or devices are authorized, and FortiAnalyzer can start receiving logs from the device or devices.