FortiAnalyzer
Debbie_FTNT
Staff
Article Id 198084

Description

FortiAnalyzer firmware v5.4 handles FortiGate cluster log storage differently from firmware v5.2.


Solution

In FortiAnalyzer firmware v5.2, the command "#execute log device logstore move" could be used to create a FortiGate cluster from two existing standalone devices that each had their own logs. Details of this command are given in the two related KB articles.

This command no longer exists in firmware version 5.4.

The following can be set instead:
config system log settings
    set ha-auto-migrate enable
end

With this setting enabled, when an already existing FortiGate is added to a cluster in FortiAnalyzer, its logs are added to the cluster logs.

The command "#execute log device logstore move" was removed because, unlike in v5.2, in v5.4 each device keeps an individual logstore, even if it is a cluster member; there is no longer a cluster directory, only a log directory for each cluster node. This also means that migrating a standalone FortiGate into a cluster needs far less free disk space than in FortiAnalyzer v5.2, as no logs need to be copied into a cluster log directory.

 

Related Articles

Technical Note: Missing logs - Manual migration of former standalone FortiGate devices to HA Cluster...

Technical Note: Missing logs - How to migrate former standalone FortiGate devices to HA Cluster on F...