How do I back up logs in a readable format to avoid running LZ4 decompression?

This article describes how backing up logs in plain format avoids the need for LZ4 decompression.

If the logs are backed up to the FTP server, the logs are encrypted by default.

# execute backup disk alllogs ftp <IP_address> <username> <password>
# execute backup disk log ftp <IP_address> <username> <password> <log_type>

If the logs need to be uploaded to FortiAnalyzer, they must first be decrypted using LZ4 and then uploaded to the FortiAnalyzer.

Scope

FortiGate version 7.0.4+

Solution

From firmware 7.0.4 onward, on all firewall models, an uncompressed parameter can be added at the end of the command '# execute backup disk log ftp' to produce a cleartext file that is easier to upload to FortiAnalyzer.

# execute backup disk alllogs ftp <IP_address> <username> <password> <compressed | uncompressed>
# execute backup disk log ftp <IP_address> <username> <password> <log_type> <compressed | uncompressed>

The logs are now uncompressed and can be uploaded to FortiAnalyzer.

Remark:

  • This feature is only present in 7.0.4 and above.
  • If you try to decompress the log file with lz4_reader and it gives a Java error, use jdk-8u351-windows-x64.exe.