Importing Events into FortiSIEM
The following tools are provided:
phClickHouseImport Tool
Description: This tool migrates EventDB data into your ClickHouse database.
Usage: phClickHouseImport --src [Source Dir] --starttime [Start Time] --endtime [End Time] --host [IP Address of the ClickHouse Server that the data will be imported to] --orgid [Organization ID]
Argument | Description
---|---
--src [Source Dir] | The source directory that contains the EventDB data. The default path is If a path is provided, the data path will be created as: `<user input path>` + Example: If
--starttime [Start Time] | Start of the time range of events to import. Must be in the format "YYYY-MM-DD hh:mm:ss"; the only supported time zone is GMT. Enclose the value in quotation marks. Example: "2022-01-01 23:00:00"
--endtime [End Time] | End of the time range of events to import. Must be in the format "YYYY-MM-DD hh:mm:ss"; the only supported time zone is GMT. Enclose the value in quotation marks. Example: "2022-02-01 10:00:00"
--host [IP Address] | The IP address of the ClickHouse server that the data will be imported to. If omitted, localhost (127.0.0.1) is used.
--orgid [Organization ID] | The ID of the organization whose events are to be imported, from 0 to 4294967295. Multiple organizations can be imported by repeating --orgid (see the example below).
Notes:
- Can be run from the Supervisor or a Worker.
- Can be run as the admin user.
- The phClickHouseImport tool requires FortiSIEM 6.5.0 or higher.
- The EventDB data must first be copied to the machine where the tool will run.
Example:
phClickHouseImport --src /data/eventdb --starttime "2022-01-01 23:00:00" --endtime "2022-02-01 10:00:00" --orgid 1 --orgid 2001 --host 192.0.20.0
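The wrapper below is an added example, not part of FortiSIEM or the phClickHouseImport tool itself. It checks the arguments against the rules documented above (GMT timestamps in "YYYY-MM-DD hh:mm:ss" form, a start time earlier than the end time, organization IDs within 0 to 4294967295, a source directory that actually exists on this machine, --host optional with the 127.0.0.1 default) before invoking the tool, which it assumes is on PATH on the Supervisor or Worker. The function and variable names (ts_key, valid_orgid, render_cmd, run_import, DRY_RUN) are the example's own.

```shell
#!/bin/sh
# Added example (not part of FortiSIEM or the phClickHouseImport tool): a
# POSIX sh wrapper that checks arguments against the documented rules before
# invoking phClickHouseImport, which is assumed to be on PATH on the
# Supervisor or Worker that holds the copied EventDB data.
# Set DRY_RUN=1 to print the resulting command instead of running it.

# Validate a GMT timestamp in "YYYY-MM-DD hh:mm:ss" form and print a sortable
# 14-digit key (YYYYMMDDhhmmss); returns 1 on any shape or range violation.
ts_key() {
    ts=$1
    case "$ts" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]" "[0-9][0-9]:[0-9][0-9]:[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    d=${ts%% *}; t=${ts#* }
    y=${d%%-*}; mo=${d#*-}; mo=${mo%-*}; dd=${d##*-}
    hh=${t%%:*}; mm=${t#*:}; mm=${mm%:*}; ss=${t##*:}
    [ "$mo" -ge 1 ] && [ "$mo" -le 12 ] || return 1
    [ "$dd" -ge 1 ] && [ "$dd" -le 31 ] || return 1
    [ "$hh" -le 23 ] && [ "$mm" -le 59 ] && [ "$ss" -le 59 ] || return 1
    printf '%s\n' "$y$mo$dd$hh$mm$ss"
}

# Organization ID: unsigned integer in the documented range 0..4294967295.
# The length check keeps the numeric comparison within a 64-bit shell's range.
valid_orgid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 10 ] && [ "$1" -le 4294967295 ]
}

# Render an argument list the way the documentation shows it: values that
# contain spaces (the timestamps) are wrapped in double quotes.
render_cmd() {
    out=
    for a in "$@"; do
        case $a in *" "*) a="\"$a\"" ;; esac
        out="${out:+$out }$a"
    done
    printf '%s\n' "$out"
}

# run_import SRC START END HOST ORGID...   (HOST may be "" to take the tool's
# default of 127.0.0.1). Every --orgid is validated; at least one is required.
run_import() {
    src=$1; start=$2; end=$3; host=$4; shift 4
    [ -d "$src" ] || { echo "source dir not found (copy the EventDB data here first): $src" >&2; return 1; }
    sk=$(ts_key "$start") || { echo "bad --starttime (want \"YYYY-MM-DD hh:mm:ss\" GMT): $start" >&2; return 1; }
    ek=$(ts_key "$end")   || { echo "bad --endtime (want \"YYYY-MM-DD hh:mm:ss\" GMT): $end" >&2; return 1; }
    [ "$sk" -lt "$ek" ] || { echo "--starttime must be earlier than --endtime" >&2; return 1; }
    [ $# -ge 1 ] || { echo "at least one --orgid is required" >&2; return 1; }
    for id in "$@"; do
        valid_orgid "$id" || { echo "bad --orgid (0..4294967295): $id" >&2; return 1; }
    done
    # Rebuild the positional list as the final argv. Org IDs are digits only,
    # so the unquoted substitution splits into clean "--orgid N" pairs.
    set -- phClickHouseImport --src "$src" --starttime "$start" --endtime "$end" \
        $(for id in "$@"; do printf '%s %s ' --orgid "$id"; done)
    if [ -n "$host" ]; then set -- "$@" --host "$host"; fi
    if [ "${DRY_RUN:-0}" = 1 ]; then render_cmd "$@"; else "$@"; fi
}

# Dry run mirroring the documented invocation:
# DRY_RUN=1 run_import /data/eventdb "2022-01-01 23:00:00" "2022-02-01 10:00:00" 192.0.20.0 1 2001
```

The wrapper builds the argument list with `set --` and executes it directly rather than assembling a string and passing it through `eval`, so a source path or host value containing shell metacharacters cannot alter the command; the quoted one-line form is produced only for display.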