FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
smurthi_FTNT
Staff
Staff
Article Id 193288
Description
This article provides the steps to set log and report retention values to store the logs and reports for longer time using the File Management setting.

Solution
The following options can be used to keep the logs and reports for a longer time before they are auto-deleted permanently.

GUI

Go to System Settings > Advanced > File Management > Select the required option > Set the value in terms of Hours or Days or Weeks or Months > Click on Apply.

CLI

These setting can also be configured using CLI commands:
config system auto-delete
      config dlp-files-auto-deletion
             set status {enable | disable}
             set value <integer>
             set when {days | hours | months | weeks}
       end
       config quarantine-files-auto-deletion
             set status {enable | disable}
             set value <integer>
             set when {days | hours | months | weeks}
       end
       config log-auto-deletion
             set status {enable | disable}
             set value <integer>
             set when {days | hours | months | weeks}
       end
       config report-auto-deletion
             set status {enable | disable}
             set value <integer>
             set when {days | hours | months | weeks}
      end
end

Note: Set the quota size for each device/ADOM to a value which is large enough to store the logs for a longer time.

Contributors