FortiAnalyzer Features

FortiAnalyzer features can be enabled either for a FortiManager unit or for managed FortiAnalyzer units, but not for both at the same time. The features can be used to view and analyze logs from devices with logging enabled that are managed by the FortiManager.

When the features are enabled manually, logs are stored and FortiAnalyzer features are configured on the FortiManager.

When the features are enabled by adding a FortiAnalyzer to the FortiManager, logs are stored and log storage settings are configured on the FortiAnalyzer device. Managed devices with logging enabled send logs to the FortiAnalyzer. The FortiManager remotely accesses logs on the FortiAnalyzer unit and displays the information. See Adding FortiAnalyzer devices.

When FortiAnalyzer features are enabled, the following modules are available:


View summaries of log data. For example, you can view top threats to your network, top sources of network traffic, top destinations of network traffic and so on. See FortiView.


View multiple panes of network activity, including monitoring network security, WiFi security, and system performance. See NOC

Log View

View log messages from managed devices with logging enabled. You can view the traffic log, event log, or security log information. See Log View.

Event Management

View events from logs that you want to monitor. You can specify what log messages to display as events by configuring event handlers. See Event Management.


Generate reports of data from logs. See Reports.

When FortiAnalyzer features are manually enabled, the following options are available on the System Settings module:

Dashboard widgets

The following widgets can be added to the dashboard: Log Receive Monitor, Insert Rate vs Receive Rate, Log Insert Lag Time, Receive Rate vs Forwarding Rate, and Disk I/O.

The License Information widget will include a Logging section. See Dashboard.

Logging Topology

View the logging topology. See Logging Topology.

Storage Info

View and configure log storage policies.

This pane is only available when ADOMs are enabled.

Fetcher Management

Configure log fetching. See Fetcher Management.

Device Log Settings

Configure device log file size, log rolling, and scheduled uploads to a server. See Device logs.

File Management

Configure the automatic deletion of device log files, quarantined files, reports, and content archive files after a set period of time. See File Management.

Various other settings and information will be included on the FortiManager when FortiAnalyzer features are enabled.