FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
mflamingos
Staff
Article Id 196725
Description
When migrating log files from a FortiAnalyzer to a FortiAnalyzer-VM, the files cannot be imported because they are not recognized as part of the new FortiAnalyzer cluster ID.

Solution
Backup all logs

Create the backup files using the default HA cluster ID.

execute backup logs-only <device name(s)| all> <ftp/sftp/scp> <ip> <username> <password> <directory>

Restore all logs

When restoring the backed-up log files, rename the backup files with the cluster ID for the new FortiAnalyzer (in this case a VM) and then start the import process.

execute restore logs-only <device name(s)| all> <ftp/sftp/scp> <ip> <username> <password> <directory>
