Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
bksol92
Staff
Staff

Created on ‎01-31-2024 12:55 AM Edited on ‎01-31-2024 03:19 AM By Moderator

Article Id 296834

Technical Tip: Changing FortiAnalyzer's system time and its effect on logs

Description

 

This article describes how changing FortiAnalyzer's system time updates the Date/Time column in logs presented in Log View.

 

Scope

 

FortiAnalyzer.

 

Solution

 

The Date/Time column reflects the itime field in raw logs, the value of which indicates the time the log was received by FortiAnalyzer, as explained in the following KB article: Technical Note: Understanding FortiAnalyzer time-related fields in logs and SQL tables.

 

When changing FortiAnalyzer's system time, FortiAnalyzer will reset its local connection to the Postgres database with the new timezone as the connection's parameter.

 

As an example, the following FortiAnalyzer's system time is configured to Hong Kong time (GMT+8), and the logs Date/Time can be seen below:

 

system-time.PNG

 

logs.PNG

 

The system time is then changed to Jakarta time (GMT+7), and the Date/Time column is changed accordingly:

 

indo-time.PNG

 

logs2.PNG

 

Running the following debug command will show the Postgres connection being reset with the updated timezone:

 

diagnose debug application sqlplugind -1

diagnose debug enable

 

tzupdate.PNG

 

Related Article:

Technical Note: Understanding FortiAnalyzer time-related fields in logs and SQL tables

159
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.