Widgets – FortiAnalyzer – FortiOS 6.2.3

System Settings

System Resources widget

The System Resources widget displays the usage status of the CPUs, memory, and hard disk. You can view system resource information in real-time or historical format, as well as average or individual CPU usage.

On VMs, warning messages are displayed if the amount of memory or the number of CPUs assigned is too low, or if the allocated hard drive space is less than the licensed amount. These warnings are also shown in the notification list (see GUI overview on page 12). Clicking on a warning opens the FortiAnalyzer VM Install Guide.

To toggle between real-time and historical data, click Edit in the widget toolbar, select Historical or Real-time, edit the other settings as required, then click OK.

To view individual CPU usage, from the Real-Time display, click on the CPU chart. To go back to the standard view, click the chart again.

License Information widget

The License Information widget displays the number of devices connected to the FortiAnalyzer.

VM License: VM license information and status. Click the upload license button to upload a new VM license file. This field is only visible for FortiAnalyzer VM.

The Duplicate status appears when users try to upload a license that is already in use. Additionally, the following message will be displayed in the Notifications: Duplicate License has been found! Your VM license will expire in XX hours (Grace time: 24 hours)

Users will have 24 hours to upload a valid license before the duplicate license is blocked.

Logging
Device/VDOMs: The total number of devices and VDOMs connected to the FortiAnalyzer and the total number of device and VDOM licenses.
GB/Day: The gigabytes per day of logs allowed and used for this FortiAnalyzer. Click the show details button to view the GB per day of logs used for the previous 6 days. The GB/Day log volume can be viewed per ADOM through the CLI using: diagnose fortilogd logvol-adom <name>
VM Storage: The amount of VM storage used and remaining. This field is only visible for FortiAnalyzer VM.
Storage Connector Service: The cloud storage license status. Displays usage statistics as well as the license expiration date when a valid license is present. Click the purchase button to go to the Fortinet Customer Service & Support website, where you can purchase a license.

FortiGuard
Indicators of Compromise Service: The license status. Click the purchase button to go to the Fortinet Customer Service & Support website, where you can purchase a license.
Secure DNS Server: The SDNS server license status. Click the upload image button to upload a license key.
Server Location: The locations of the FortiGuard servers, either global or US only. Click the edit icon to adjust the location. Changing the server location will cause the FortiAnalyzer to reboot.

Update Server
AntiVirus and IPS: The IP address and physical location of the Antivirus and IPS update server.
Web and Email Filter: The IP address and physical location of the web and email filter update server.
FortiClient Update: The IP address and physical location of the FortiClient update server.

Unit Operation widget

The Unit Operation widget graphically displays the status of each port. The port name indicates its status by its color. Green indicates the port is connected. Grey indicates there is no connection.

Hover the cursor over the ports to view a pop-up that displays the full name of the interface, the IP address and netmask, the link status, the speed of the interface, and the amounts of sent and received data.

Alert Messages Console widget

The Alert Message Console widget displays log-based alert messages for both the FortiAnalyzer unit itself and connected devices.

Alert messages help you track system events on your FortiAnalyzer unit such as firmware changes, and network events such as detected attacks. Each message shows the date and time the event occurred.

Click Edit from the widget toolbar to view the Alert Message Console Settings, where you can adjust the number of entries that are visible in the widget, and the refresh interval.

To view a complete list of alert messages, click Show More from the widget toolbar. The widget will show the complete list of alerts. To clear the list, click Delete All Messages. Click Show Less to return to the previous view.

Log Receive Monitor widget

The Log Receive Monitor widget displays the rate at which the FortiAnalyzer unit receives logs over time. Log data can be displayed by either log type or device.

Hover the cursor over a point on the graph to see the exact number of logs that were received at a specific time. Click the name of a device or log type to add or remove it from the graph. Click Edit in the widget toolbar to modify the widget’s settings.

Insert Rate vs Receive Rate widget

The Insert Rate vs Receive Rate widget displays the log insert and log receive rates over time.

- Log receive rate: how many logs are being received.
- Log insert rate: how many logs are being actively inserted into the database.

If the log insert rate is higher than the log receive rate, then the database is rebuilding. The lag is the number of logs waiting to be inserted.

Hover the cursor over a point on the graph to see the exact number of logs that were received and inserted at a specific time. Click Receive Rate or Insert Rate to remove those data from the graph. Click the edit icon in the widget toolbar to adjust the time interval shown on the graph and the refresh interval.

Log Insert Lag Time widget

The Log Insert Lag Time widget displays how many seconds the database is behind in processing the logs.

Click the edit icon in the widget toolbar to adjust the time interval shown on the graph and the refresh interval (0 to disable) of the widget.
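The backlog and lag that the Insert Rate vs Receive Rate and Log Insert Lag Time widgets report, modelled as an added example (this is not Fortinet code and not a FortiAnalyzer API): it integrates the difference between the receive and insert rates over constructed rate samples to follow the number of logs waiting to be inserted, converts that backlog into seconds behind at the current insert rate, and flags the intervals where the database is rebuilding.

```python
from dataclasses import dataclass

# Added example, not Fortinet code. The rate samples below are constructed; on a
# real deployment they would come from polling the widget data at a fixed interval.


@dataclass(frozen=True)
class RateSample:
    t: int                # seconds since the start of the observation window
    receive_rate: float   # logs per second received by the FortiAnalyzer
    insert_rate: float    # logs per second inserted into the SQL database


@dataclass(frozen=True)
class LagPoint:
    t: int
    backlog: float        # logs waiting to be inserted (the "lag" of the rate widget)
    lag_seconds: float    # seconds the database is behind at the current insert rate
    rebuilding: bool      # insert rate above receive rate: the backlog is being drained


def insert_lag(samples, initial_backlog=0.0):
    """Follow the insert backlog across samples, assuming rates hold constant between them."""
    points = []
    backlog = initial_backlog
    prev = samples[0]
    for s in samples:
        dt = s.t - prev.t
        # Logs received but not yet inserted accumulate; the backlog never goes negative.
        backlog = max(0.0, backlog + (prev.receive_rate - prev.insert_rate) * dt)
        if backlog == 0.0:
            lag_s = 0.0
        elif s.insert_rate > 0:
            lag_s = backlog / s.insert_rate
        else:
            lag_s = float("inf")   # nothing is being inserted, so the lag is unbounded
        points.append(LagPoint(s.t, backlog, lag_s, s.insert_rate > s.receive_rate))
        prev = s
    return points


# Constructed samples: a burst of incoming logs from t=60 s to t=180 s, then a catch-up period.
SAMPLES = [
    RateSample(0, 500, 500),
    RateSample(60, 800, 500),
    RateSample(120, 800, 500),
    RateSample(180, 300, 900),
    RateSample(240, 300, 300),
]

if __name__ == "__main__":
    for p in insert_lag(SAMPLES):
        print(f"t={p.t:>3}s backlog={p.backlog:>6.0f} lag={p.lag_seconds:>5.1f}s rebuilding={p.rebuilding}")
```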

Receive Rate vs Forwarding Rate widget

The Receive Rate vs Forwarding Rate widget displays the rate at which the FortiAnalyzer is receiving logs. When log forwarding is configured, the widget also displays the log forwarding rate for each configured server.

Click the edit icon in the widget toolbar to adjust the time period shown on the graph and the refresh interval, if any, of the widget.

Disk I/O widget

The Disk I/O widget shows the disk utilization (%), transaction rate (requests/s), or throughput (KB/s), versus time.

Click the edit icon in the widget toolbar to select which chart is displayed, the time period shown on the graph, and the refresh interval (if any) of the chart.

System Settings – FortiAnalyzer – FortiOS 6.2.3 – Configuring the Operation Mode

Configuring the operation mode

The FortiAnalyzer unit has two operation modes: Analyzer and Collector.

When FortiAnalyzer is operating in Collector mode, the SQL database is disabled by default, so features that require the SQL database are not available in Collector mode unless you enable the SQL database.

To change the operation mode:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, select Analyzer or Collector in the Operation Mode field.
  3. Click OK in the confirmation dialog box to change the operation mode.


System Settings – FortiAnalyzer – FortiOS 6.2.3 – Migrating the Configuration

Migrating the configuration

You can back up the system of one FortiAnalyzer model, and then use the CLI and the FTP, SCP, or SFTP protocol to migrate the settings to another FortiAnalyzer model.

If you encrypted the FortiAnalyzer configuration file when you created it, you need the password to decrypt the configuration file when you migrate the file to another FortiAnalyzer model.

To migrate the FortiAnalyzer configuration:

  1. In one FortiAnalyzer model, go to System Settings > Dashboard.
  2. Back up the system. See Backing up the system on page 160.
  3. In the other FortiAnalyzer model, go to System Settings > Dashboard.
  4. In the CLI Console widget, type the following command:

execute migrate all-settings <ftp | scp | sftp> <server> <filepath> <user> <password> [cryptpasswd]

System Settings – FortiAnalyzer – FortiOS 6.2.3 – Restoring The Configuration

Restoring the configuration

You can use the following procedure to restore your FortiAnalyzer configuration from a backup file on your management computer.

To restore the FortiAnalyzer configuration:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the restore button next to System Configuration. The Restore System dialog box opens.
  3. Configure the following settings, then select OK.
Choose Backup File: Select Browse to find the configuration backup file you want to restore, or drag and drop the file onto the dialog box.
Password: Type the encryption password, if applicable.
Overwrite current IP and routing settings: Select the checkbox to overwrite the current IP and routing settings.

System Settings – FortiAnalyzer – FortiOS 6.2.3 – Backing up the system

Backing up the system

Fortinet recommends that you back up your FortiAnalyzer configuration to your management computer on a regular basis to ensure that, should the system fail, you can quickly get the system back to its original state with minimal effect on the network. You should also perform a backup after making any changes to the FortiAnalyzer configuration or settings that affect the connected devices.

Fortinet recommends backing up all configuration settings from your FortiAnalyzer unit before upgrading the FortiAnalyzer firmware.

To back up the FortiAnalyzer configuration:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the backup button next to System Configuration. The Backup System dialog box opens.
  3. If you want to encrypt the backup file, select the Encryption box, then type and confirm the password you want to use. The password can be a maximum of 63 characters.
  4. Select OK and save the backup file on your management computer.

System Settings – FortiAnalyzer – Updating The System Firmware – FortiOS 6.2.3

Updating the system firmware

To take advantage of the latest features and fixes, the FortiAnalyzer firmware can be updated. For information about upgrading your FortiAnalyzer device, see the FortiAnalyzer Upgrade Guide or contact Fortinet Customer Service & Support.

Back up the configuration and database before changing the firmware of your FortiAnalyzer unit. Changing the firmware to an older or incompatible version may reset the configuration and database to the default values for that firmware version, resulting in data loss.

Before you can download firmware updates for your FortiAnalyzer unit, you must first register your FortiAnalyzer unit with Customer Service & Support. For details, go to https://support.fortinet.com/ or contact Customer Service & Support.

To update the FortiAnalyzer firmware:

  1. Download the firmware (the .out file) from the Customer Service & Support website, https://support.fortinet.com/.
  2. Go to System Settings > Dashboard.
  3. In the System Information widget, in the Firmware Version field, click Upgrade Firmware. The Firmware Upload dialog box opens.
  4. Drag and drop the file onto the dialog box, or click Browse to locate the firmware package (.out file) that you downloaded from the Customer Service & Support portal and then click Open.
  5. Click OK. Your device will upload the firmware image and you will receive a confirmation message noting that the upgrade was successful.

Optionally, you can upgrade firmware stored on an FTP or TFTP server using the following CLI command:

execute restore image {ftp | tftp} <file path to server> <IP of server> <username on server> <password>

For more information, see the FortiAnalyzer CLI Reference.

  1. Refresh the browser and log back into the device.
  2. Launch the Device Manager module and make sure that all formerly added devices are still listed.
  3. Launch other functional modules and make sure they work properly.

System Settings – FortiAnalyzer – FortiOS 6.2.3 – Configuring The System Time

Configuring the system time

You can either manually set the FortiAnalyzer system time or configure the FortiAnalyzer unit to automatically keep its system time correct by synchronizing with a Network Time Protocol (NTP) server.

To configure the date and time:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the edit system time button next to the System Time field.
  3. Configure the following settings to either manually configure the system time, or to automatically synchronize the FortiAnalyzer unit’s clock with an NTP server:
System Time: The date and time according to the FortiAnalyzer unit’s clock at the time that this pane was loaded or when you last clicked the Refresh button.
Time Zone: Select the time zone in which the FortiAnalyzer unit is located and whether or not the system automatically adjusts for daylight savings time.
Update Time By: Select Set time to manually set the time, or Synchronize with NTP Server to automatically synchronize the time.
Set Time: Manually set the date and time.
  Select Date: Set the date from the calendar or by manually entering it in the format: YYYY/MM/DD.
  Select Time: Select the time.
Synchronize with NTP Server: Automatically synchronize the date and time.
  Sync Interval: Enter how often, in minutes, the device should synchronize its time with the NTP server. For example, entering 1440 causes the Fortinet unit to synchronize its time once a day.
  Server: Enter the IP address or domain name of an NTP server. Click the plus icon to add more servers. To find an NTP server that you can use, go to http://www.ntp.org.
  4. Click the checkmark to apply your changes.

System Settings – FortiAnalyzer – Changing the Host Name

Changing the host name

The host name of the FortiAnalyzer unit is used in several places.

- It appears in the System Information widget on the dashboard.
- It is used in the command prompt of the CLI.
- It is used as the SNMP system name.

The System Information widget and the get system status CLI command will display the full host name. However, if the host name is longer than 16 characters, the CLI and other places display the host name in a truncated form ending with a tilde ( ~ ) to indicate that additional characters exist, but are not displayed. For example, if the host name is FortiAnalyzer1234567890, the CLI prompt would be FortiAnalyzer123456~#.

To change the host name:

  1. Go to System Settings > Dashboard.
  2. In the System Information widget, click the edit host name button next to the Host Name field.
  3. In the Host Name box, type a new host name.

The host name may be up to 35 characters in length. It may include US-ASCII letters, numbers, hyphens, and underscores. Spaces and special characters are not allowed.

  4. Click the checkmark to change the host name.