Configuring the Collector
To configure the Collector:
- Ensure the FortiAnalyzer Operation Mode is Collector. See Configuring the operation mode.
- Check and configure the storage policy for the Collector. See Log storage information.
For the Collector, you should allocate most of the disk space for Archive logs. You should keep the Archive logs long enough to meet the regulatory requirements of your organization. After this initial configuration, you can monitor the storage usage and adjust it as you go.
Following is a storage configuration example of the Collector.
If Keep Logs for Analytics is set to 0, the Analytics logs will be kept for unlimited days. For more information, see Configuring log storage policy.
- Set up log forwarding to enable the Collector to forward the logs to the Analyzer. See Log Forwarding. In particular,
- Set Remote Server Type to FortiAnalyzer.
- Set Server IP to the IP address of the Analyzer that this Collector will forward logs to.
- Click Select Device and select the FortiGate device that the Collector will forward logs for.