How to send realtime logs to FortiAnalyzer

When you configure your FortiGate to send its logs to a FortiAnalyzer, it sends them on a schedule by default, and when you test connectivity you may notice a warning saying “Logs not received” in the connection status.

To avoid this, configure your FortiGate to send logs in realtime.

Go to the CLI. The session should look like this (the server IP is the one from your own setup):

Forti # config log fortianalyzer setting

Forti (setting) # sh
config log fortianalyzer setting
set status enable
set server 10.10.10.11
end

Forti (setting) # set upload-option realtime

Forti (setting) # end

Forti # get log fortianalyzer setting
status : enable
ips-archive : enable
max-buffer-size : 1
buffer-max-send : 1000
address-mode : static
server : 10.10.10.11
enc-algorithm : default
localid : (null)
conn-timeout : 10
monitor-keepalive-period: 5
monitor-failure-retry-period: 5
source-ip : 0.0.0.0
upload-option : realtime

Now we can test connectivity again from the GUI and confirm that the "Logs not received" warning is gone.
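As an added example (not part of the original post), the following Python script parses the output of "get log fortianalyzer setting" shown above and flags a box that still sends logs on a schedule. The function names and the findings wording are this example's own; the sample output is the page's CLI dump embedded as a constructed string.

```python
"""Audit a FortiGate 'get log fortianalyzer setting' dump for realtime upload.

Added example, not from the original post. SAMPLE_OUTPUT is the CLI output
shown on the page, embedded as a constructed string; the function names below
are this example's own, not FortiGate or FortiAnalyzer APIs.
"""
import re

# Constructed sample: the 'get log fortianalyzer setting' output from the page.
SAMPLE_OUTPUT = """\
status : enable
ips-archive : enable
max-buffer-size : 1
buffer-max-send : 1000
address-mode : static
server : 10.10.10.11
enc-algorithm : default
localid : (null)
conn-timeout : 10
monitor-keepalive-period: 5
monitor-failure-retry-period: 5
source-ip : 0.0.0.0
upload-option : realtime
"""

# One 'key : value' line; the colon may or may not be preceded by a space.
_LINE = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*:\s*(.*?)\s*$")


def parse_settings(text):
    """Turn the 'key : value' lines of the dump into a dict.

    Lines that do not match the pattern (prompts, blank lines) are ignored.
    """
    settings = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def audit_settings(settings):
    """Return a list of findings; an empty list means the box is set up to
    forward logs in realtime to a configured FortiAnalyzer server."""
    findings = []
    if settings.get("status") != "enable":
        findings.append("FortiAnalyzer logging is disabled (status != enable)")
    if settings.get("server", "") in ("", "0.0.0.0"):
        findings.append("no FortiAnalyzer server address configured")
    upload = settings.get("upload-option")
    if upload != "realtime":
        findings.append(
            f"upload-option is '{upload}', not 'realtime'; logs are sent on a schedule"
        )
    return findings


if __name__ == "__main__":
    parsed = parse_settings(SAMPLE_OUTPUT)
    problems = audit_settings(parsed)
    if problems:
        for problem in problems:
            print("FINDING:", problem)
    else:
        print("OK: logs are forwarded in realtime to", parsed["server"])
```

Paste the output of "get log fortianalyzer setting" from each FortiGate into SAMPLE_OUTPUT (or read it from a file) to check several boxes at once; any finding means the FortiAnalyzer will keep reporting "Logs not received" until the setting is corrected.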