FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
cfirpo_FTNT
Staff
Staff
Article Id 197957
Description
On occasions problems may be encountered when downloading logs from the FortiAnalyzer GUI in earlier versions of 5.2.x

Fortiview  > Log view >  Tools >  Download

After selecting download, there may appear to be no activity or confirmation that the files are being prepared.

This is a memory intensive task depending on how much information is being downloaded, but if the system is working properly it should present a "preparing download" dialogue box, and process the download accordingly.

Scope
Downloading logs via FortiAnalyzer GUI

Solution
It is usually helpful to set the download-max-logs parameter depending on the firmware version that is being used.  The 'get system status' command can be used to check the current OS version.
config system log settings
set download-max-logs 5000000
end
where 5,000,000 is the maximum value.

If the command is not available, it may be necessary to upgrade to the next patch on the FortiAnalyzer.
config system log settings
set ?
Once this parameter has been set then it should be possible to download logs via the GUI without issue.

Contributors