Configuring multiple FortiAnalyzers on a FortiGate in multi-VDOM mode

This topic shows a sample configuration of multiple FortiAnalyzers on a FortiGate in multi-VDOM mode.

In this example:

  • The FortiGate has three VDOMs:
    • Root (management VDOM)
    • VDOM1
    • VDOM2
  • There are four FortiAnalyzers.

    These IP addresses are used as examples in the instructions below.

    • FAZ1: 172.16.200.55
    • FAZ2: 172.18.60.25
    • FAZ3: 192.168.1.253
    • FAZ4: 192.168.1.254
  • Set up FAZ1 and FAZ2 under global.
    • These two collect logs from the root VDOM and VDOM2.
    • FAZ1 and FAZ2 must be accessible from the management VDOM (root).
  • Set up FAZ3 and FAZ4 under VDOM1.
    • These two collect logs from VDOM1.
    • FAZ3 and FAZ4 must be accessible from VDOM1.

To set up FAZ1 as global FortiAnalyzer 1 from the GUI:

Prerequisite: FAZ1 must be reachable from the management root VDOM.

  1. Go to Global > Log & Report > Log Settings.
  2. Enable Send logs to FortiAnalyzer/FortiManager.
  3. Enter the FortiAnalyzer IP.

    In this example: 172.16.200.55.

  4. For Upload option, select Real Time.
  5. Click Apply.

To set up FAZ2 as global FortiAnalyzer 2 from the CLI:

Prerequisite: FAZ2 must be reachable from the management root VDOM.