This article describes how to back up FortiGate logs in plain (uncompressed) format so that no LZ4 decompression is needed before uploading them to FortiAnalyzer.
When logs are backed up to an FTP server, the resulting files are LZ4-compressed by default.
# execute backup disk alllogs ftp <IP_address> <username> <password>
# execute backup disk log ftp <IP_address> <username> <password> <log_type>
If these logs need to be uploaded to FortiAnalyzer, they must first be decompressed with an LZ4 tool and only then uploaded to FortiAnalyzer.
Domain
FortiGate version 7.0.4+
Solution
From firmware 7.0.4 onward, on all firewall models, an uncompressed parameter can be added at the end of the '# execute backup disk log ftp' command to produce a cleartext file, which is easier to upload to FortiAnalyzer.
# execute backup disk alllogs ftp <IP_address> <username> <password> <compressed | uncompressed>
# execute backup disk log ftp <IP_address> <username> <password> <log_type> <compressed | uncompressed>
The resulting uncompressed logs can be uploaded to FortiAnalyzer directly.
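As an added example (not part of the original article or of any Fortinet tool), the following Python check inspects a downloaded backup file and reports whether it is still an LZ4 frame or already plain text, so a file can be validated before an upload to FortiAnalyzer is attempted. It assumes the standard LZ4 frame magic numbers (0x184D2204 for the current frame format, 0x184C2102 for the legacy format); the sample inputs are constructed.

```python
import os

# LZ4 frame format magic number 0x184D2204, stored little-endian on disk.
LZ4_FRAME_MAGIC = b"\x04\x22\x4d\x18"
# Legacy LZ4 frame magic number 0x184C2102, still emitted by some lz4 tools.
LZ4_LEGACY_MAGIC = b"\x02\x21\x4c\x18"


def classify_log_backup(data: bytes) -> str:
    """Return 'lz4', 'lz4-legacy', 'text' or 'unknown' for a backup blob."""
    if data.startswith(LZ4_FRAME_MAGIC):
        return "lz4"
    if data.startswith(LZ4_LEGACY_MAGIC):
        return "lz4-legacy"
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown"
    # A plain log backup is line-oriented text: allow tab/newline/CR but no
    # other control bytes, which a compressed or binary blob would contain.
    if all(ch in "\t\n\r" or ord(ch) >= 0x20 for ch in text):
        return "text"
    return "unknown"


def ready_for_upload(path: str) -> bool:
    """True only when the file at `path` is already plain text."""
    with open(path, "rb") as fh:
        head = fh.read(4096)  # the magic sits in the first bytes
    return classify_log_backup(head) == "text"


def check_directory(directory: str) -> dict:
    """Map each file name in `directory` to its classification."""
    result = {}
    for name in sorted(os.listdir(directory)):
        full = os.path.join(directory, name)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                result[name] = classify_log_backup(fh.read(4096))
    return result


if __name__ == "__main__":
    # Constructed sample: one plain log line and one LZ4 frame header.
    sample_text = b'date=2024-01-01 time=00:00:01 type="traffic" action="accept"\n'
    print(classify_log_backup(sample_text))          # text
    print(classify_log_backup(LZ4_FRAME_MAGIC + b"\x64\x40\xa7"))  # lz4
```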
Remark:
- This feature is only present in 7.0.4 and above.
- If you try to decompress the log file with lz4_reader and it gives a Java error, use jdk-8u351-windows-x64.exe,