FortiAnalyzer
tsimeonov_FTNT
Article Id 190243
Description
This article explains how to forward logs from one FortiAnalyzer (FAZ) to another FortiAnalyzer.

Note: This feature has been deprecated as of FortiAnalyzer v5.6.

Solution
The source FortiAnalyzer must be able to reach the destination FortiAnalyzer on TCP port 3000.

If possible, connect both devices directly through unused interfaces and dedicate those interfaces to log forwarding. This saves bandwidth and speeds up aggregation.

Here is a basic example of how to enable this option:

1. Configuring the client (source) FortiAnalyzer:
config system aggregation-client
edit 1
set mode aggregation
set agg-password <password>            <----- This is the pre-shared key. It must match the setting on the destination
set agg-time 1                         <----- Daily log aggregation start time, given as the hour of the day
set server-ip <destination_FAZ_IP>     <----- Specifies where the logs will be forwarded. Destination FAZ IP
set server-name ""                     <----- Optional. Destination FAZ device name
next
end

2. Configuring the server (destination) FortiAnalyzer:
config system aggregation-service
set accept-aggregation enable
set password <password>                <----- This is the pre-shared key. It must match the agg-password set on the source in step 1
end
