Log arrays
Log arrays have been added to support group-based access to logs and reports. Log arrays are available in the Device Manager tab under the Devices & Groups menu. Log arrays also allow you to manage log data belonging to FortiGate HA clusters from a single device object. You can schedule reports for each log array.
After creating a log array, only new logs will be populated into this array. Older logs will remain on the device. To collect older logs, you will need to build the array database. Use the following CLI command to build the array database:
execute sql-local rebuild-device <log array device ID>
The SQL logs for the members of the log array will be rebuilt. To verify that the array rebuild was successful, select the Log View tab to view the log array and logs.
| Executing this command will not reboot the FortiManager device. |
| Fortinet recommends configuring log arrays prior to deploying the FortiManager into production. When adding and deleting log arrays, you will need to rebuild the database to view older logs. |