Configuring multiple FortiAnalyzers on a FortiGate in multi-VDOM mode
This topic shows a sample configuration of multiple FortiAnalyzers on a FortiGate in multi-VDOM mode.
In this example:
- The FortiGate has three VDOMs:
- Root (management VDOM)
- VDOM1
- VDOM2
- There are four FortiAnalyzers.
These IP addresses are used as examples in the instructions below.
- FAZ1:
172.16.200.55
- FAZ2:
172.18.60.25
- FAZ3:
192.168.1.253
- FAZ4:
192.168.1.254
- FAZ1:
- Set up FAZ1 and FAZ2 under global.
- These two collect logs from the root VDOM and VDOM2.
- FAZ1 and FAZ2 must be accessible from management VDOM root.
- Set up FAZ3 and FAZ4 under VDOM1.
- These two collect logs from VDOM1.
- FAZ3 and FAZ4 must be accessible from VDOM1.
To set up FAZ1 as global FortiAnalyzer 1 from the GUI:
Prerequisite: FAZ1 must be reachable from the management root VDOM.
- Go to Global > Log & Report > Log Settings.
- Enable Send logs to FortiAnalyzer/FortiManager.
- Enter the FortiAnalyzer IP.
In this example:
172.16.200.55
. - For Upload option, select Real Time.
- Click Apply.
To set up FAZ2 as global FortiAnalyzer 2 from the CLI:
Prerequisite: FAZ2 must be reachable from the management root VDOM.