What is FortiAnalyzer

--> FortiAnalyzer collects log data from one or more Fortinet devices and provides a centralized view of the security events taking place on the network.

--> The whole process works in three steps:

i) FortiGate devices send log data to the FortiAnalyzer.

ii) FortiAnalyzer accepts the log data, reorganizes it and stores it.

iii) Administrators can view the logs or create reports based on the stored logs.

--> FortiAnalyzer also generates alerts when conditions configured by the administrator are matched in the logs, so that network security events can be reacted to quickly.

--> Network admins need to configure DNS servers in FortiAnalyzer so that hostnames in the log messages can be resolved.

--> FortiAnalyzer uses SQL for logging and reporting.

--> The log data received from multiple Fortinet devices is stored in an SQL database for logging and reporting.

--> Custom SQL queries can be used to extract data from FortiAnalyzer.
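The three-step flow above (devices send logs, the collector reorganizes and stores them in an SQL database, an administrator queries them, and an alert fires on a configured condition) as an added Python example. This is not FortiAnalyzer's own code or schema: an in-memory SQLite table stands in for FortiAnalyzer's database, the log lines are constructed in FortiGate's key=value syslog style with placeholder device ids and documentation IP ranges, and the alert rule (N denies from one source) and its threshold are assumptions made for the illustration.

```python
import re
import sqlite3

# Constructed sample lines in FortiGate key=value style (not captured from a real device).
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:00:01 devname="fw-edge" devid="FGT-PLACEHOLDER-1" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=10.1.1.5 dstip=203.0.113.10 dstport=443 action="accept"',
    'date=2024-05-01 time=10:00:02 devname="fw-edge" devid="FGT-PLACEHOLDER-1" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=198.51.100.7 dstip=10.1.1.20 dstport=22 action="deny"',
    'date=2024-05-01 time=10:00:03 devname="fw-edge" devid="FGT-PLACEHOLDER-1" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=198.51.100.7 dstip=10.1.1.21 dstport=22 action="deny"',
    'date=2024-05-01 time=10:00:04 devname="fw-dc" devid="FGT-PLACEHOLDER-2" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=10.1.1.5 dstip=10.2.0.9 dstport=445 action="deny"',
    'date=2024-05-01 time=10:00:05 devname="fw-dc" devid="FGT-PLACEHOLDER-2" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=198.51.100.7 dstip=10.2.0.9 dstport=22 action="deny"',
    'date=2024-05-01 time=10:00:06 devname="fw-dc" devid="FGT-PLACEHOLDER-2" logid="0000000013" type="traffic" subtype="forward" level="notice" srcip=10.1.1.8 dstip=203.0.113.10 dstport=443 action="accept"',
]

# key=value pairs; values are either "quoted" or a bare token without whitespace.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Columns kept by the toy database (an assumed schema, not FortiAnalyzer's).
COLUMNS = ["date", "time", "devid", "devname", "logid", "type", "subtype",
           "level", "srcip", "dstip", "dstport", "action"]

SCHEMA = """
CREATE TABLE IF NOT EXISTS traffic_log (
    id INTEGER PRIMARY KEY,
    date TEXT, time TEXT, devid TEXT, devname TEXT, logid TEXT,
    type TEXT, subtype TEXT, level TEXT,
    srcip TEXT, dstip TEXT, dstport INTEGER, action TEXT
)
"""


def parse_log(line):
    """Step ii (reorganize): turn one key=value line into a dict of fields."""
    fields = {}
    for m in KV_RE.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields


def ingest(conn, lines):
    """Step ii (store): write the parsed fields into the SQL table; returns rows inserted."""
    conn.execute(SCHEMA)
    rows = [tuple(parse_log(line).get(col) for col in COLUMNS) for line in lines]
    placeholders = ", ".join("?" * len(COLUMNS))
    conn.executemany(
        f"INSERT INTO traffic_log ({', '.join(COLUMNS)}) VALUES ({placeholders})", rows
    )
    conn.commit()
    return len(rows)


def denied_connections_by_source(conn):
    """Step iii: a custom SQL query an administrator might run over the stored logs."""
    cur = conn.execute(
        "SELECT srcip, COUNT(*) AS denies FROM traffic_log "
        "WHERE action = 'deny' GROUP BY srcip "
        "ORDER BY denies DESC, srcip"
    )
    return cur.fetchall()


def evaluate_alert(conn, threshold):
    """Alerting on a configured condition: sources denied at least `threshold` times."""
    return [(src, n) for src, n in denied_connections_by_source(conn) if n >= threshold]


def build_demo_db(lines=SAMPLE_LOGS):
    """Stand in for the collector: an in-memory database loaded with the sample logs."""
    conn = sqlite3.connect(":memory:")
    ingest(conn, lines)
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    for src, n in denied_connections_by_source(db):
        print(f"{src}: {n} denied connections")
    for src, n in evaluate_alert(db, threshold=3):
        print(f"ALERT: {src} denied {n} times (threshold 3)")
```

The parser is the part worth copying: it accepts both quoted and bare values, so a line with an unexpected extra field still loads, and the query and the alert rule are ordinary SQL over the stored rows, which is the same division of labour the three steps describe.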

--> A FortiAnalyzer device operates in one of two modes:

i) Analyzer:

--> Default mode.

--> Collects log data from all the Fortinet devices and also analyzes it.

--> Can also forward the data to another FortiAnalyzer or to a syslog server.

ii) Collector:

--> Only collects log data from the Fortinet devices.

--> Forwards the collected log data to a FortiAnalyzer that is running in Analyzer mode.

--> No event or report management capabilities in this mode.

--> FortiAnalyzer can also be used to log administrator activity on Fortinet devices, such as configuration changes and logins.
