FortiSIEM Reference Architecture Using ClickHouse

A Note on Event Storage Options

FortiSIEM supports several event database storage options:

  1. FortiSIEM integrated ClickHouse (supported in FortiSIEM v6.5.0 and later)

  2. FortiSIEM EventDB

  3. External Elasticsearch cluster

Many customers will find that the FortiSIEM integrated ClickHouse event storage option provides the best combination of performance, scalability, and overall solution cost. This document assumes the use of the ClickHouse event storage option throughout unless otherwise stated.

The FortiSIEM Reference Architecture document for deployments using FortiSIEM EventDB can be found here: https://www.fortinet.com/content/dam/maindam/PUBLIC/02_MARKETING/02_Collateral/DeploymentGuide/dg-fortisiem-reference-architecture.pdf

The available features, architecture, and performance of FortiSIEM may differ when using EventDB or Elasticsearch. Details of the other storage options can be found in the FortiSIEM product documentation and online help.
