How to send realtime logs to FortiAnalyzer

When you configure your FortiGate box to send logs to a FortiAnalyzer box, it sends them on a scheduled basis, and when you test connectivity you may notice a warning saying “Logs not received” in the connection status.

You should configure your FortiGate box to send logs in realtime.

Open the CLI and run the following commands. The session should look like this:

Forti # config log fortianalyzer setting

Forti (setting) # sh
config log fortianalyzer setting
set status enable
set server 10.10.10.11
end

Forti (setting) # set upload-option realtime

Forti (setting) # end

Forti # get log fortianalyzer setting
status : enable
ips-archive : enable
max-buffer-size : 1
buffer-max-send : 1000
address-mode : static
server : 10.10.10.11
enc-algorithm : default
localid : (null)
conn-timeout : 10
monitor-keepalive-period: 5
monitor-failure-retry-period: 5
source-ip : 0.0.0.0
upload-option : realtime

Now we can test via the GUI and see whether it is working.
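The same check can be scripted against saved `get log fortianalyzer setting` output, which helps when several FortiGates have to be verified. This is an added example, not part of the original post or any Fortinet tooling; the function names are hypothetical and the `store-and-upload` value in the constructed "before" sample is an assumption about the scheduled mode.

```python
import re

# Output of `get log fortianalyzer setting` as shown on this page.
SAMPLE_REALTIME = """\
status : enable
ips-archive : enable
max-buffer-size : 1
buffer-max-send : 1000
address-mode : static
server : 10.10.10.11
enc-algorithm : default
localid : (null)
conn-timeout : 10
monitor-keepalive-period: 5
monitor-failure-retry-period: 5
source-ip : 0.0.0.0
upload-option : realtime
"""

# Constructed sample: the same device before the change (value is assumed).
SAMPLE_SCHEDULED = SAMPLE_REALTIME.replace(
    "upload-option : realtime", "upload-option : store-and-upload")

# Keys are lowercase-hyphenated; some have no space before the colon.
LINE_RE = re.compile(r"^\s*([a-z0-9-]+)\s*:\s*(.*?)\s*$")


def parse_settings(text):
    """Return {key: value}, ignoring prompts and `set ...` lines."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def audit(text):
    """Return a list of findings; an empty list means logs go out in realtime."""
    s = parse_settings(text)
    findings = []
    if s.get("status") != "enable":
        findings.append("FortiAnalyzer logging is not enabled")
    if not s.get("server"):
        findings.append("no FortiAnalyzer server address set")
    if s.get("upload-option") != "realtime":
        findings.append("upload-option is %r, not realtime" % s.get("upload-option"))
    return findings
```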

One thought on “How to send realtime logs to FortiAnalyzer”

  1. Thanks Bud. Didn't know this was a CLI command. Couldn't find it in the GUI but this worked perfectly. Much appreciated.
