Log arrays
Log arrays support group-based access to logs and reports. Log arrays are available in the Device Manager tab. Log arrays also allow you to manage log data belonging to FortiGate HA clusters from a single device object. You can schedule reports for each log array.
It is recommended that you configure log arrays before deploying the FortiManager into production. When adding and deleting log arrays, you will need to rebuild the database to view older logs.
To create a new log array:
1. In the Device Manager tab, right-click on All Log Arrays and select Add Log Array in the right-click menu.The Create Log Array window appears.
2. Configure the following settings:
Name | The name of the log array. |
Description | Descriptive information about the log array. |
Disk Log Quota (MB) | Enter the disk log quota in MB. |
When Allocated Disk Space is Full | Select to overwrite the oldest logs or to stop logging when the allocated disk space is full. |
Devices | Select the plus (+) sign to add devices or VDOMs to the log array. Each device can only belong to one log array. If the device you want to add is currently assigned to another log array, you must first remove the device from the other log array. |
3. Select OK to save the log array configuration.
| After creating a log array, only new logs will be populated into it. Older logs will remain on the device. To collect older logs, you will need to rebuild the array database using the following CLI command: execute sql-local rebuild-device <log array device ID> The SQL logs for the members of the log array will be rebuilt. To verify that the array rebuild was successful, select the Log View tab and view the log array and logs. |
To rebuild a log array:
1. In the Device Manager tab, select All Log Arrays.
2. In the right content pane, right-click the log array you would like to edit and select Rebuild from the right-click menu.
The Rebuild Log Array dialog box will be displayed.
3. Select Rebuild Now.
| The time required to complete the rebuild is dependent on the number of logs in the database. |
To edit a log array:
1. In the Device Manager tab, select All Log Arrays.
2. In the right content pane, right-click the log array you would like to edit and select Edit from the right-click menu.
3. Edit the settings as required.
4. Select OK to save the changes
To delete a log array:
1. In the Device Manager tab, select All Log Arrays.
2. In the right content pane, right-click the log array you would like to delete and select Delete on the right-click menu.
3. Select OK in the confirmation window to delete the log array.
