Importing Events into FortiSIEM
The following tools are provided:
phClickHouseImport Tool
Description: This tool is used to migrate EventDB data into your ClickHouse database.
Usage: phClickHouseImport --src [Source Dir] --starttime [Start Time] --endtime [End Time]--host [IP Address of ClickHouse]--orgid [Organization ID]
|
Argument |
Description |
|---|---|
|
|
Provide the source directory that contains the eventDB data. The default path is
If a path is provided, the data path will be created as: <user input path> + Example: If |
--starttime [Start Time]
|
Starting time of events to be imported. It must be in the following format: "YYYY-MM-DD hh:mm:ss". The supported time zone is GMT. Make sure to enclose the Start Time with quotation marks. Example: |
--endtime [End Time]
|
The end time of events to be imported. It must be in the following format: "YYYY-MM-DD hh:mm:ss". The supported time zone is GMT. Make sure to enclose the End Time with quotation marks. Example: |
--host [IP Address of ClickHouse]
|
The host IP Address where ClickHouse running. If the host IP address is not provided, then localhost is used. The default IP address is 127.0.0.1. |
--orgid [Organization ID]
|
Provide the ID of the organization with the events to be imported. The number can be from 0 to 4294967295. Multiple entries are allowed by adding Example: |
Notes:
-
Can be run from Supervisor or Worker.
-
Can be run as admin user.
-
phClickHouseImporttool requires FortiSIEM 6.5.0 or higher. -
EventDB data needs to be copied to the machine where this tool can run.
Example:
phClickHouseImport --src /data/eventdb --starttime "2022-01-01 23:00:00" --endtime "2022-02-01 10:00:00" --orgid 1 --orgid 2001 --host 192.0.20.0
Copyright © 2023 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy
