System

Config

For example, a company may have a headquarters and a number of branch offices. Each branch office has a FortiGate unit and a FortiAnalyzer-100A/100B to collect local log information. Those branch office FortiAnalyzer units are configured as log aggregation clients. The headquarters has a FortiAnalyzer-2000/2000A, which is configured as a log aggregator. The log aggregator collects logs from each of the branch office log aggregation clients, enabling headquarters to run reports that reflect all offices.

Note: For more information about log aggregation port numbers, see the Knowledge Center article Traffic Types and TCP/UDP Ports used by Fortinet Products.

Figure 31: Example log aggregation topology

All FortiAnalyzer models can be configured as a log aggregation client, but log aggregation server support varies by FortiAnalyzer model, due to storage and resource requirements.

FortiAnalyzer Model          Aggregation Client    Aggregation Server
FortiAnalyzer-100A/100B      Yes                   No
FortiAnalyzer-400            Yes                   No
FortiAnalyzer-800/800B       Yes                   Yes
FortiAnalyzer-2000/2000A     Yes                   Yes
FortiAnalyzer-4000/4000A     Yes                   Yes

FortiAnalyzer Version 3.0 MR7 Administration Guide

 

05-30007-0082-20080908
