Fortinet white logo
Fortinet white logo

CLI Reference

backup

backup

Use the following commands to backup all settings or logs on your FortiAnalyzer.

When you back up the unit settings from the vdom_admin account, the backup file contains global settings and the settings for each VDOM. When you back up the unit settings from a regular administrator account, the backup file contains the global settings and only the settings for the VDOM to which the administrator belongs.

An MD5 checksum is automatically generated in the event log when backing up the configuration. You can verify a backup by comparing the checksum in the log entry with that of the backup file.

Syntax

execute backup all-settings {ftp | scp | sftp} <ip:port> <string> <username> <passwd> <ssh-cert> [crptpasswd] [force-docker]

execute backup logs <device name(s)> {ftp | scp | sftp} <ip/fqdn> <username> <passwd> <directory> [vdlist]

execute backup logs-only <device name(s)> {ftp | scp | sftp} <ip/fqdn> <username> <passwd> <directory> [vdlist]

execute backup logs-rescue <device serial number(s)> {ftp | scp | sftp} <ip> <username> <passwd> <directory> [vdlist]

execute backup reports <report schedule name(s)> {ftp | scp | sftp} <ip/fqdn> <username> <passwd> <directory> [vdlist]

execute backup reports-config <adom name(s)> {ftp | scp | sftp} <ip/fqdn> <username> <passwd> <directory> [vdlist]

Variable

Description

all-settings

Backup all FortiAnalyzer settings to a file on a server.

logs

Backup the device logs and the content archives to a specified server.

logs-only

Backup device logs excluding content archives to a specified server.

logs-rescue

Use this hidden command to backup logs regardless of DVM database for emergency reasons. This command will scan folders under /Storage/Logs/ for possible device logs to backup.

reports

Backup the reports to a specified server.

reports-config

Backup reports configuration to a specified server.

<device name(s)>

Enter the device name(s) separated by a comma, or enter all for all devices.

<device serial number(s)>

Enter the device serial number(s) separated by a comma, or enter all for all devices.

<report schedule name(s)>

Enter the report schedule name(s) separated by a comma, or enter all for all reports schedules.

<adom name(s)>

Enter the ADOM name(s) separated by a comma, or enter all for all ADOMs.

{ftp | scp | sftp}

Enter the server type: ftp, scp, or sftp.

<ip:port>

Enter the server IP address and optionally , for FTP servers, the port number.

<ip>

Enter the server IP address.

<ip/fqdn>

Enter the server IP address or fully-qualified domain name (FQDN).

<string>

Enter the path and file name for the backup.

<username>

Enter username to use to log on the backup server.

<passwd>

Enter the password for the username on the backup server.

Note: You cannot use \\ in passwords.

<ssh-cert>

Enter the SSH certification for the server. This option is only available for backup operations to SCP servers.

[crptpasswd]

Optional password to protect backup content. Leave blank for no password.

<directory>

Enter the path to where the file will be backed up to on the backup server.

[vdlist]

VD name(s), separated by commas.

[force-docker]

Optional flag to stop when the docker backup fails.

Example

This example shows how to backup the FortiAnalyzer unit system settings to a file named fmg.cfg on a server at IP address 192.168.1.23 using the admin username, and password 123457.

execute backup all-settings ftp 192.168.1.23 fmd.cfg admin 123456

Starting backup all settings in background, please wait.

# Starting transfer the backup file to FTP server...

Transferred 139.237M of 139.237M in 0:00:00s (178.065M/s)

Backup all settings...Ok.

MD5: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

backup

backup

Use the following commands to backup all settings or logs on your FortiAnalyzer.

When you back up the unit settings from the vdom_admin account, the backup file contains global settings and the settings for each VDOM. When you back up the unit settings from a regular administrator account, the backup file contains the global settings and only the settings for the VDOM to which the administrator belongs.

An MD5 checksum is automatically generated in the event log when backing up the configuration. You can verify a backup by comparing the checksum in the log entry with that of the backup file.

Syntax

execute backup all-settings {ftp | scp | sftp} <ip:port> <string> <username> <passwd> <ssh-cert> [crptpasswd] [force-docker]

execute backup logs <device name(s)> {ftp | scp | sftp} <ip/fqdn> <username> <passwd> <directory> [vdlist]

execute backup logs-only <device name(s)> {ftp | scp | sftp} <ip/fqdn> <username> <passwd> <directory> [vdlist]

execute backup logs-rescue <device serial number(s)> {ftp | scp | sftp} <ip> <username> <passwd> <directory> [vdlist]

execute backup reports <report schedule name(s)> {ftp | scp | sftp} <ip/fqdn> <username> <passwd> <directory> [vdlist]

execute backup reports-config <adom name(s)> {ftp | scp | sftp} <ip/fqdn> <username> <passwd> <directory> [vdlist]

Variable

Description

all-settings

Backup all FortiAnalyzer settings to a file on a server.

logs

Backup the device logs and the content archives to a specified server.

logs-only

Backup device logs excluding content archives to a specified server.

logs-rescue

Use this hidden command to backup logs regardless of DVM database for emergency reasons. This command will scan folders under /Storage/Logs/ for possible device logs to backup.

reports

Backup the reports to a specified server.

reports-config

Backup reports configuration to a specified server.

<device name(s)>

Enter the device name(s) separated by a comma, or enter all for all devices.

<device serial number(s)>

Enter the device serial number(s) separated by a comma, or enter all for all devices.

<report schedule name(s)>

Enter the report schedule name(s) separated by a comma, or enter all for all reports schedules.

<adom name(s)>

Enter the ADOM name(s) separated by a comma, or enter all for all ADOMs.

{ftp | scp | sftp}

Enter the server type: ftp, scp, or sftp.

<ip:port>

Enter the server IP address and optionally , for FTP servers, the port number.

<ip>

Enter the server IP address.

<ip/fqdn>

Enter the server IP address or fully-qualified domain name (FQDN).

<string>

Enter the path and file name for the backup.

<username>

Enter username to use to log on the backup server.

<passwd>

Enter the password for the username on the backup server.

Note: You cannot use \\ in passwords.

<ssh-cert>

Enter the SSH certification for the server. This option is only available for backup operations to SCP servers.

[crptpasswd]

Optional password to protect backup content. Leave blank for no password.

<directory>

Enter the path to where the file will be backed up to on the backup server.

[vdlist]

VD name(s), separated by commas.

[force-docker]

Optional flag to stop when the docker backup fails.

Example

This example shows how to backup the FortiAnalyzer unit system settings to a file named fmg.cfg on a server at IP address 192.168.1.23 using the admin username, and password 123457.

execute backup all-settings ftp 192.168.1.23 fmd.cfg admin 123456

Starting backup all settings in background, please wait.

# Starting transfer the backup file to FTP server...

Transferred 139.237M of 139.237M in 0:00:00s (178.065M/s)

Backup all settings...Ok.

MD5: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx