Logs and Reports Management Flashcards
How to Make Log Backups? How to restore them?
Log View allows you to download a specific filtered view
Log Browse allows you to download rolled logs.
Can also restore logs using GUI or CLI
Storage Connector Service
Requires separate license for storage connector
License includes storage limitation and expiration date
In order to send logs to cloud platforms, must purchase this service. Does NOT include the storage used on the cloud provider, only the amount of data that you can transfer.
diagnose fmupdate dbcontract fds - see license validity and expiry details
diagnose test application uploadd 63 - gives details
Log Redundancy options
- FAZ HA Cluster
- Send Logs to second logging server
- Log forwarding in aggregation mode - if the analyzer fails, the collector sends all the data and repopulates the analyzer automatically. Only supported between two FAZ
Log Forwarding Setup
- Set log forwarding mode: aggregation (stores logs and content files and uploads to FAZ server at a scheduled time) or forwarding (sends logs as they are received)
- Configure the server (log recipient). Forwarding only requires configuration on the client side. In aggregation mode, the FAZ acting as the server must be configured to accept the logs from the client
- Configure the client. Here you can also specify which device logs to forward and set log filters
OFTPS
Optimized Fabric Transfer Protocol over SSL - used when information is synchronized between FAZ and FGT. Listens on port TCP/514.
Default setting: Auto Negotiated, so the OFTP server uses the OFTPS protocol only when connected to an FGT.
Preventing Log Modification
Can add a log checksum
Configure FAZ to record a log file hash value, timestamp, and authentication code at transmission or rolling. Options are:
md5: just hash
md5-auth: hash and auth code
none
Can also change the OFTP certificate to a custom one. Need a Privacy-Enhanced Mail (PEM) formatted cert and the associated PEM-formatted private key.
To send reports to an external location:
Each report must have notifications enabled and an output profile selected.
Is RAID a replacement for backups?
NO
FAZ provides the option to upload logs to server…(two options)
FAZ provides the option to upload logs to server on scheduled basis
CLI command execute backup logs sends everything to whatever device(s) you specify. Compresses before sending, so it does not begin transfer immediately.
Default Encryption levels for FAZ and FGT when using OFTPS
Default encryption level for both FGT and FAZ is HIGH. The FAZ level must be equal to, or less than, the FGT’s
T or F: Forwarding Logs has the client retain a copy of the logs.
True.
Subject to data policy for archive logs on FAZ client
An output profile specifies:
The format of the report (HTML, PDF HTML, XML, CSV, or JSON)
Whether to email generated reports or upload to a server. Can specify one option or both, or create multiple output profiles. Server options are FTP, SFTP, SCP.
Whether to delete the report locally after uploading to the server
ADOM specific!