Created on 09-24-2009 06:18 AM Edited on 04-07-2022 01:09 PM By Anonymous
Description
Starting from 4.0 MR1, FortiAnalyzer changed the way logs are "rolled".
The steps are:
1- The current log (the active one being written) is called tlog.log
2- When it reaches the limit (time or size), FortiAnalyzer rolls it to a file named like tlog.N.log, where N is the itime of the first line (the first log received in the file). The file modification time will match the itime of the last line (the last log received in the file).
If a file with that name already exists, N is reduced by one until a free itime is found.
3- Once the active file is rolled into a numbered file, it will not need to be changed.
4- New logs will be stored in the new current log (the one being written) called tlog.log
The new file names look like: tlog.1252929496.log
If log uploading is configured, logs that have been uploaded to the remote server or downloaded via the GUI are named in the format below:
FG3K6A3406600001-tlog.1252929496.log-2009-09-14-14-00-14.gz
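The naming rules above can be checked when triaging collected log archives. The following is an added example, not Fortinet code: it parses both name formats and reproduces the collision rule from step 2. It assumes that itime is Unix epoch seconds, that the first field of an uploaded name is the device identifier, and that the trailing field is a YYYY-MM-DD-HH-MM-SS stamp whose time zone the article does not state; all function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Rolled file on the unit: tlog.<itime>.log
ROLLED = re.compile(r"^(?P<type>[a-z]+)\.(?P<itime>\d+)\.log$")
# Uploaded/downloaded copy: <device>-<rolled name>-YYYY-MM-DD-HH-MM-SS.gz
UPLOADED = re.compile(
    r"^(?P<device>[A-Za-z0-9]+)-(?P<rolled>[a-z]+\.\d+\.log)"
    r"-(?P<stamp>\d{4}(?:-\d{2}){5})\.gz$"
)

def parse_rolled(name):
    """Split a rolled name into log type and itime (assumed epoch seconds)."""
    m = ROLLED.match(name)
    if m is None:
        raise ValueError(f"not a rolled log name: {name!r}")
    itime = int(m["itime"])
    return {
        "type": m["type"],
        "itime": itime,
        # N can be lower than the real first-line itime after a name
        # collision, so treat this as "first log at or after this time".
        "first_log_utc": datetime.fromtimestamp(itime, tz=timezone.utc),
    }

def parse_uploaded(name):
    """Parse the name of an uploaded or GUI-downloaded archive."""
    m = UPLOADED.match(name)
    if m is None:
        raise ValueError(f"not an uploaded log name: {name!r}")
    info = parse_rolled(m["rolled"])
    info["device"] = m["device"]
    # Time zone is not stated in the article, so keep the stamp naive.
    info["stamp"] = datetime.strptime(m["stamp"], "%Y-%m-%d-%H-%M-%S")
    return info

def rolled_name(first_itime, existing, log_type="tlog"):
    """Apply step 2: decrement N until the file name is unused."""
    n = first_itime
    while f"{log_type}.{n}.log" in existing:
        n -= 1
    return f"{log_type}.{n}.log"

if __name__ == "__main__":
    # File name taken from the article.
    sample = "FG3K6A3406600001-tlog.1252929496.log-2009-09-14-14-00-14.gz"
    print(parse_uploaded(sample))
    # Constructed collision: two names are already taken.
    taken = {"tlog.1252929496.log", "tlog.1252929495.log"}
    print(rolled_name(1252929496, taken))
```

Because of the decrement rule, two rolled files with adjacent N values may both start in the same second, so the first line of each file should be read before ordering events across them.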