Fortinet black logo

Administration Guide

Home FortiAnalyzer 7.4.2 Administration Guide
7.4.2
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.13
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
4.3.0
4.2.0
4.1.0
4.0.0

Device Manager

Device Manager

Use the Device Manager pane to add, configure, and manage devices and VDOMs.

After you add and authorize a device or VDOM, the FortiAnalyzer unit starts collecting logs from that device or VDOM. You can configure the FortiAnalyzer unit to forward logs to another device. See Log Forwarding.

You can toggle between a Table View and Map View from the toolbar in Device Manager.

Table View:

Three donut charts display above the list of authorized devices:

  • Status

  • Disk Quota Usage

  • Last Log Received Within

By default, the Show Charts toggle is enabled. You can select which charts appear by selecting them in the Show Charts dropdown, or you can hide all the charts by disabling the Show Charts toggle.

Mouse over the charts to see more information in a tooltip. Click a section of a chart to filter the charts and the table by that information. You can apply multiple filters across the charts. Once filtered, a filter icon appears next to the chart title; click the filter icon to remove the filter.

If you create a custom device group, it appears in the Device & Groups tree menu. Select the device group to display information about those devices.

The Device Manager table view includes the following default columns for authorized devices:

Column

Description

Device Name

Displays the name of the device.

IP Address

Displays the IP address for the device.

Platform

Displays the platform for the device.

HA Status

Displays information if the device is part of a High Availability cluster. You can manually identify devices as part of an HA cluster by editing the device information. See Editing device information.

Description

Displays a description of the device.

Firmware Version

Displays the firmware version of the device.

Serial Number

Displays the serial number of the device. The serial number is unique to the unit and does not change with firmware upgrades.

Last Log Time

Displays the date and time that the last log was received from the device.

Status

Displays the status of the device as Up or Down.

The Up/Down state is based on the status of the OFTP connection (if OFTP is supported by the device) and/or the last log receiving time.

For near realtime logging, the default log receiving threshold to determine if the device is Up or Down is 15 minutes. For scheduled uploading, the default is 6 hours.

You can configure both of these settings in the config system log settings CLI:

  • set log-interval-dev-no-logging <interger>: Set the interval in minutes of no logs received from a device before the device is considered Down.
  • set log-upload-interval-dev-no-logging <interger>: Set the interval in minutes of no logs uploaded from a device before the device is considered Down.

Logging Mode

Displays the logging mode for the device. A lock icon displays when a secure tunnel is being used to transfer logs from the device to the FortiAnalyzer unit.

Average Log Rate
(Logs/Sec)

Displays the average rate at which the device is sending logs to the FortiAnalyzer unit in log rate per second. Click the number to display a graph of historical average log rates.

Disk Quota Usage

Displays how much of the allotted disk storage space has been consumed by logs.
Map View:

The Map View provides an interactive map displaying the physical locations of authorized devices. You can navigate the map by using your mouse. Zoom in or out with the scroll wheel or with the plus (+) or minus (-) buttons on the map. When zoomed in, only the devices that are currently visible on the map are displayed in the sidebar. The sidebar provides information about the devices, including logging status, average log rate, and disk quota usage.

Previous
Next

Device Manager

Use the Device Manager pane to add, configure, and manage devices and VDOMs.

After you add and authorize a device or VDOM, the FortiAnalyzer unit starts collecting logs from that device or VDOM. You can configure the FortiAnalyzer unit to forward logs to another device. See Log Forwarding.

You can toggle between a Table View and Map View from the toolbar in Device Manager.

Table View:

Three donut charts display above the list of authorized devices:

  • Status

  • Disk Quota Usage

  • Last Log Received Within

By default, the Show Charts toggle is enabled. You can select which charts appear by selecting them in the Show Charts dropdown, or you can hide all the charts by disabling the Show Charts toggle.

Mouse over the charts to see more information in a tooltip. Click a section of a chart to filter the charts and the table by that information. You can apply multiple filters across the charts. Once filtered, a filter icon appears next to the chart title; click the filter icon to remove the filter.

If you create a custom device group, it appears in the Device & Groups tree menu. Select the device group to display information about those devices.

The Device Manager table view includes the following default columns for authorized devices:

Column

Description

Device Name

Displays the name of the device.

IP Address

Displays the IP address for the device.

Platform

Displays the platform for the device.

HA Status

Displays information if the device is part of a High Availability cluster. You can manually identify devices as part of an HA cluster by editing the device information. See Editing device information.

Description

Displays a description of the device.

Firmware Version

Displays the firmware version of the device.

Serial Number

Displays the serial number of the device. The serial number is unique to the unit and does not change with firmware upgrades.

Last Log Time

Displays the date and time that the last log was received from the device.

Status

Displays the status of the device as Up or Down.

The Up/Down state is based on the status of the OFTP connection (if OFTP is supported by the device) and/or the last log receiving time.

For near realtime logging, the default log receiving threshold to determine if the device is Up or Down is 15 minutes. For scheduled uploading, the default is 6 hours.

You can configure both of these settings in the config system log settings CLI:

  • set log-interval-dev-no-logging <interger>: Set the interval in minutes of no logs received from a device before the device is considered Down.
  • set log-upload-interval-dev-no-logging <interger>: Set the interval in minutes of no logs uploaded from a device before the device is considered Down.

Logging Mode

Displays the logging mode for the device. A lock icon displays when a secure tunnel is being used to transfer logs from the device to the FortiAnalyzer unit.

Average Log Rate
(Logs/Sec)

Displays the average rate at which the device is sending logs to the FortiAnalyzer unit in log rate per second. Click the number to display a graph of historical average log rates.

Disk Quota Usage

Displays how much of the allotted disk storage space has been consumed by logs.
Map View:

The Map View provides an interactive map displaying the physical locations of authorized devices. You can navigate the map by using your mouse. Zoom in or out with the scroll wheel or with the plus (+) or minus (-) buttons on the map. When zoomed in, only the devices that are currently visible on the map are displayed in the sidebar. The sidebar provides information about the devices, including logging status, average log rate, and disk quota usage.

Previous
Next