--> The FortiAnalyzer allows you to aggregate logs from all the Fortinet devices in your organization to provide a central management to view logs, alerts and run reports.
--> Forti Analyzer works in Collector Mode and Analyzer Mode.
--> Every FortiAnalyzer can handle the only limited number of logs per second whether it is working in hardware or VM.
--> For example if your organization is having so many offices and every office is running with so many Fortinet devices then it would not be a good idea to have all these devices send their logs to only one FortiAnalyzer.
--> In this case, you can configure one fortianalyzer in collector mode and other fortianalyzers in analyzer mode.
--> The function of a Forti Analyzer working in a collector mode is simply to collect the logs from all the devices as there is no reporting function.
--> We can use FortiAnalyzer VMs as a collector which have no GB per day limitation as their standard config does.
--> In order to implement this, we need to perform following tasks on fortianalyzer,
1. Configure one Forti Analyzer as a collector by navigating System Settings > Dashboard. and change the Operation Mode of fortianalyzer.
2. Configure all the fortinet devices to send the logs to forti analyzer which is configured as collector mode by navigating to Log & Report > Log Settings.
3. Setup log forwarding on collectors to forward all the collected logs to fortianalyzer which is working in analyzer mode.
4. Add Fortinet devices on the FortiAnalyzer which is working in Analyzer mode.
Ref: Fortinet.com
MD.Kareemoddin
CCIE # 54759
0 comments:
Post a Comment