What’s New in FortiAnalyzer v5.0 : FortiAnalyzer v5.0 Patch Release 2 : Log arrays
 
Log arrays
Log arrays have been added to support group-based access to logs and reports. Log arrays are available in the Device Manager tab. Log arrays also allow you to manage log data belonging to FortiGate high availability (HA) clusters from a single device object. You can add VDOMs from a single device to different log arrays. You can configure and schedule reports for each log array.
Figure 2: Create log array dialog box
 
Both the device disk log quota and the log array disk log quota are enforced. The device disk log quota includes all log files, all archive files, and database space for logs on the device. The log array disk log quota includes database space used by log array tables. The device disk log quota no longer applies once the device is added to a log array.
After creating a log array, only new logs will be populated into this array. Older logs will remain on the device. To collect older logs, you will need to build the array database. Use the following CLI command to build the array database:
execute sql-local rebuild-device <log array device ID>
The SQL logs for the members of the log array will be rebuilt. To verify that the array rebuild was successful, select the Log View tab to view the log array and logs.
 
Executing this command will not reboot the FortiAnalyzer device.
 
Fortinet recommends configuring log arrays prior to deploying the FortiAnalyzer into production. When adding and deleting log arrays, you will need to rebuild the database to view older logs.