FortiAnalyzer
awasfi_FTNT
Staff
Article Id 191787
Description
This article describes how to convert timestamps in FortiAnalyzer log file names.

When uploading log files to an FTP server, FortiAnalyzer uses the following format for the file name:
<FGT_SN>-<type>log.<itime>-<date>.gz
Where:
<FGT_SN>  FortiGate serial number.
<type>    Log type. For example: tlog for traffic logs, elog for event logs.
<itime>   Internal time of the first log in the file.
<date>    Date and time of the last log entry in the file.

The internal time is expressed using epoch time (also known as Unix time).

Solution
FortiAnalyzer uses the epoch date/time format, which is not human-readable. For example:
FGT60D4614079321.tlog.1444563489.log
The log files can be given a more user-friendly name by setting the log-file-archive-name option under system log settings to extended instead of its default value, basic:
# config system log settings
(settings)# set log-file-archive-name extended
(settings)# end
The file on the FTP server will then be named:
FGT60D4614079321.2015-12-10-11:38:09.tlog.1444563489.log
A number of online epoch converters are available and can be used to read epoch format timestamps. For example: http://www.epochconverter.com/
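The conversion can also be done offline when reviewing an archive of uploaded files. The following Python script is an added example, not Fortinet code: it parses the two file name styles shown above, renders the epoch field in UTC, and orders a listing by first log entry. The names parse_archive_name and timeline are hypothetical, the optional .gz suffix is an assumption, and the listing is constructed from the article's file names plus two made-up entries.

```python
import re
from datetime import datetime, timezone
from typing import NamedTuple, Optional

class ArchiveName(NamedTuple):
    serial: str
    log_type: str
    epoch: int
    first_log_utc: str             # ISO 8601, derived from the epoch field
    embedded_stamp: Optional[str]  # extended names only, kept verbatim

# Follows the two example names in the article:
#   basic:    <serial>.<type>log.<epoch>.log
#   extended: <serial>.<YYYY-MM-DD-HH:MM:SS>.<type>log.<epoch>.log
# Assumption: a trailing .gz may be present on compressed uploads.
NAME_RE = re.compile(
    r"(?P<serial>[A-Za-z0-9]+)"
    r"(?:\.(?P<stamp>\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2}))?"
    r"\.(?P<type>[a-z]+log)"
    r"\.(?P<epoch>\d{9,10})"
    r"\.log(?:\.gz)?"
)

def parse_archive_name(name: str) -> Optional[ArchiveName]:
    """Return the parsed fields, or None if the name is not a log archive."""
    m = NAME_RE.fullmatch(name)
    if m is None:
        return None
    epoch = int(m["epoch"])
    utc = datetime.fromtimestamp(epoch, tz=timezone.utc)
    return ArchiveName(m["serial"], m["type"], epoch,
                       utc.strftime("%Y-%m-%dT%H:%M:%SZ"), m["stamp"])

def timeline(names):
    """Recognised files from a listing, ordered by time of first log entry."""
    parsed = [p for p in map(parse_archive_name, names) if p is not None]
    return sorted(parsed, key=lambda p: p.epoch)

if __name__ == "__main__":
    listing = [  # constructed sample listing
        "FGT60D4614079321.tlog.1444563489.log",
        "FGT60D4614079321.2015-12-10-11:38:09.tlog.1444563489.log",
        "FGT60D4614079321.elog.1444500000.log",   # made-up entry
        "readme.txt",                             # ignored: not a log archive
    ]
    for e in timeline(listing):
        print(e.first_log_utc, e.serial, e.log_type, e.embedded_stamp or "-")
```

The output is always UTC, so apply the device's time zone offset before comparing it with local-time records.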
