FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
ojacinto
Staff
Article Id 191464
Description
This article explains how to change the naming format of archived log files on FortiAnalyzer from the basic format to the extended format. The extended format makes it easier to identify the date of a log file.

Basic format: FGTXXXXX.tlog.1417797247.log
Extended format: FGTXXXXXX.2014-12-05-08:34:58.tlog.1417797247.log

Solution
To change the naming format of the archived log files on FortiAnalyzer, change the log-file-archive-name option under config system log settings:
# config system log settings
(settings)# get
FAZ-custom-field1   : (null)
FCH-custom-field1   : (null)
FCT-custom-field1   : (null)
FDD-custom-field1   : (null)
FGT-custom-field1   : (null)
FMG-custom-field1   : (null)
FML-custom-field1   : (null)
FSA-custom-field1   : (null)
FWB-custom-field1   : (null)
download-max-logs   : 500000
ha-auto-migrate     : disable
log-file-archive-name: basic    ----> Current setting
rolling-regular:
sync-search-timeout : 60

To change the format from basic to extended:
# config system log settings
(settings)# set log-file-archive-name extended
(settings)# end
FAZ1000D #
The log file names will then contain the date and hour in a readable format.
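
Archives that were rolled while the setting was still basic keep their old names, so the following added example (not part of the original article or of any Fortinet tooling) parses both name formats shown above and selects the files for a given day. It assumes the numeric field before .log is a Unix timestamp in seconds; the function names and the last two sample names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# <device>.[<readable stamp>.]<log type>.<number>.log, as in the two names above.
ARCHIVE_RE = re.compile(
    r"^(?P<device>[^.]+)\."
    r"(?:(?P<stamp>\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2})\.)?"
    r"(?P<logtype>[A-Za-z]+)\."
    r"(?P<epoch>\d{9,10})\.log$"
)

def parse_archive_name(name):
    """Split a basic or extended archive name into fields; None if it is neither."""
    m = ARCHIVE_RE.match(name)
    if m is None:
        return None
    epoch = int(m.group("epoch"))
    return {
        "device": m.group("device"),
        "logtype": m.group("logtype"),
        "format": "extended" if m.group("stamp") else "basic",
        # Kept verbatim: in the article's sample it is not the epoch rendered in UTC.
        "stamp": m.group("stamp"),
        "epoch": epoch,
        # Assumption: the numeric field is a Unix timestamp in seconds.
        "epoch_utc": datetime.fromtimestamp(epoch, tz=timezone.utc),
    }

def archives_for_day(names, day):
    """Names whose numeric field falls on `day` (YYYY-MM-DD, UTC), oldest first."""
    hits = []
    for name in names:
        info = parse_archive_name(name)
        if info and info["epoch_utc"].strftime("%Y-%m-%d") == day:
            hits.append((info["epoch"], name))
    return [name for _, name in sorted(hits)]

# First two names are the article's; the last two are constructed for the demo.
SAMPLE = [
    "FGTXXXXX.tlog.1417797247.log",
    "FGTXXXXXX.2014-12-05-08:34:58.tlog.1417797247.log",
    "FGTXXXXX.tlog.1417883647.log",
    "notes.txt",
]

if __name__ == "__main__":
    for n in archives_for_day(SAMPLE, "2014-12-05"):
        info = parse_archive_name(n)
        print(info["format"], info["epoch_utc"].isoformat(), n)
```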
