FortiAnalyzer
avizzari (Staff)
Article Id 193525

Description
Starting with 4.0 MR1, FortiAnalyzer changed the way log files are "rolled" (closed and renamed when they reach a size or time limit).

Before 4.0 MR1, FortiAnalyzer used an incremental decimal numbering scheme for rolled files. From 4.0 MR1 onward, the rolled file name carries the timestamp of the first log it contains.


The steps are:

1- The current log (the active file being written to) is called tlog.log.
2- When it reaches the configured limit (time or size), FortiAnalyzer rolls it to a name of the form tlog.N.log, where N is the itime of the first line (the first log received in the file). The file's modification time matches the itime of the last line (the last log received in the file).
   If a file with that name already exists, N is reduced by one until a free name is found. A rolled file's N is therefore an upper bound on the itime of its first log, not always the exact value; the modification time remains the reliable end of the file's time window.
3- Once the active file has been rolled into a numbered file, that file is not modified again.
4- New logs are written to a new current log, again called tlog.log.

Rolled files therefore have names like: tlog.1252929496.log

If log uploading is configured, logs that have been uploaded to the remote server, or downloaded through the GUI, are gzip-compressed and carry the logging device's serial number as a prefix and a date-time suffix, for example:

FG3K6A3406600001-tlog.1252929496.log-2009-09-14-14-00-14.gz
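The following Python helpers are an added example, not part of the original article or of any Fortinet tool. They parse both name formats described above (the rolled tlog.N.log on the appliance and the serial-prefixed .gz copy produced by upload or GUI download), reproduce the collision rule from step 2 (decrement N until a free name is found), and use the resulting [N, modification time] window to pick which rolled files can contain a log with a given timestamp. It assumes that itime is Unix epoch seconds (standard for Fortinet logs); the sample file names and modification times are constructed for the example.

```python
"""Helpers for FortiAnalyzer 4.0 MR1+ rolled log file names (added example)."""
import re
from datetime import datetime, timezone

# Rolled file on the appliance: <kind>.<itime>.log, e.g. tlog.1252929496.log
ROLLED_RE = re.compile(r"^(?P<kind>[a-z]+)\.(?P<itime>\d+)\.log$")

# Uploaded/downloaded copy: <serial>-<kind>.<itime>.log-YYYY-MM-DD-hh-mm-ss.gz
UPLOADED_RE = re.compile(
    r"^(?P<serial>[A-Za-z0-9]+)-(?P<kind>[a-z]+)\.(?P<itime>\d+)\.log"
    r"-(?P<stamp>\d{4}-\d{2}-\d{2}-\d{2}-\d{2}-\d{2})\.gz$"
)


def itime_to_utc(itime):
    """Assumption: itime is Unix epoch seconds; render it as an aware UTC datetime."""
    return datetime.fromtimestamp(int(itime), tz=timezone.utc)


def parse_rolled_name(name):
    """Parse 'tlog.1252929496.log'; return None for the active file 'tlog.log' or junk."""
    m = ROLLED_RE.match(name)
    if not m:
        return None
    itime = int(m.group("itime"))
    return {"kind": m.group("kind"), "itime": itime, "first_utc": itime_to_utc(itime)}


def parse_uploaded_name(name):
    """Parse 'FG3K6A3406600001-tlog.1252929496.log-2009-09-14-14-00-14.gz'.

    The trailing stamp carries no timezone in the name, so it is returned naive.
    """
    m = UPLOADED_RE.match(name)
    if not m:
        return None
    itime = int(m.group("itime"))
    stamp = datetime.strptime(m.group("stamp"), "%Y-%m-%d-%H-%M-%S")
    return {
        "serial": m.group("serial"),
        "kind": m.group("kind"),
        "itime": itime,
        "first_utc": itime_to_utc(itime),
        "stamp": stamp,
    }


def next_rolled_name(existing, first_itime, kind="tlog"):
    """Name the appliance gives the file being rolled (step 2 of the article).

    N starts at the itime of the first log in the file and is decremented by one
    until no file of that name exists in `existing` (a set of names).
    """
    n = int(first_itime)
    while f"{kind}.{n}.log" in existing:
        n -= 1
    return f"{kind}.{n}.log"


def files_covering(files, when):
    """Return the rolled file names whose time window may contain epoch time `when`.

    `files` maps rolled file name -> modification time (epoch seconds).  The window
    is [N, mtime]: N is at most the first itime (collisions only lower it), and the
    mtime equals the last itime, so the window is conservative and never too narrow.
    """
    hits = []
    for name, mtime in files.items():
        info = parse_rolled_name(name)
        if info is None:
            continue  # skip tlog.log and anything not in rolled format
        if info["itime"] <= when <= mtime:
            hits.append(name)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: two rolled files plus the active file, with made-up mtimes.
    sample = {
        "tlog.1252929496.log": 1252933200,
        "tlog.1252933201.log": 1252936800,
        "tlog.log": 1252937000,
    }
    print(parse_rolled_name("tlog.1252929496.log"))
    print(parse_uploaded_name("FG3K6A3406600001-tlog.1252929496.log-2009-09-14-14-00-14.gz"))
    print(next_rolled_name(set(sample), 1252929496))
    print(files_covering(sample, 1252935000))
```

When correlating an event back to a rolled file, use the name's N as the start of the search window and the file's modification time as the end; because of the collision rule, a file may start slightly later than its N suggests, so a miss on one file does not mean the log is absent from the neighbouring one.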


