What must you consider when using log fetching? (Choose two.)
When using log fetching, two crucial factors must be considered: First, the fetch client has the capability to retrieve logs from devices that are not yet added to its local Device Manager. This means that while it can fetch logs, the logs won't be viewable until the corresponding devices are added. Second, it is possible to use filters to include logs from a specific device. This allows for more targeted log retrieval, ensuring that only the relevant logs are fetched based on the defined criteria.
- retrieve archive logs from another FAZ and run queries or reports on those archived logs - you can do the log fetching but you won't be able to see the logs if you do not add the FAZ to the Device Manager (pages 77-78). So I think B and D are more accurate answers.
For me it's a trick question, because answer C, "The fetching profile must include a user with the Super_User profile.", gives us the sense that only the Super User profile must be included, but in fact we can include Standard User as well; because of that I believe answer D is more accurate.
B and D are correct. About answer B, check the FortiAnalyzer Analyst 7.2 Study Guide, p. 77 and https://docs.fortinet.com/document/fortianalyzer/7.4.2/administration-guide/651442/log-fetching About answer D, I've just tried the functionality in the lab and in production, and I had just archived logs on the FortiAnalyzer client. To see analytics logs, it's necessary to wait for the ADOM rebuild.
You can fetch logs without the device in device manager. However, to view the logs you need to add it. Answer is A, B.
Possible answer as to why D is not correct: When you fetch archived logs from the server, it's done for the purpose of analyzing and/or running reports on them. I believe the client stores these archived logs separately from its own normal archived logs, and manages them independently.
B and D are correct. Ref: FortiAnalyzer_7.4_Analyst_Study_Guide-Online.pdf page 84
Please, could you indicate the precise justification for option D in FortiAnalyzer_7.4_Analyst_Study_Guide-Online.pdf page 84?
A. (F) The FortiAnalyzer Analyst 7.2 Study Guide, p. 78, indicates that it must be the Device Manager but not necessarily a Local Device Manager. B. (V) The FortiAnalyzer Analyst 7.2 Study Guide, p. 78, indicates that you can choose filters that include logs from specific devices (it can be a single device). C. (V) The FortiAnalyzer Analyst 7.2 Study Guide, p. 77, indicates in the image of point number one that "must have Super_User or Standard_User profile". D. (F) The FortiAnalyzer Analyst 7.2 Study Guide, p. 77, gives the following statement: "The FortiAnalyzer device that fetches logs operates as the fetch client, and the other FortiAnalyzer device that sends logs operates as the fetch server". They focus on the devices; they never mention such terms for archive logs.
Hi! Answer D states that the user has to be included in the Super_User profile; it does not present it as an option. In the study guide it is presented as an option, since it can also be Standard_User. Reference: The fetch server administrator user name and password must be for an administrator with either a Standard_User or Super_User profile. https://docs.fortinet.com/document/fortianalyzer/7.4.2/administration-guide/785943/fetching-profiles
Sorry, I was referring to answer C, it is not correct.
For option D, page 77 states: "This allows FortiAnalyzer to fetch the archived logs of specified devices from another FortiAnalyzer...". It does mention fetching archived logs, but not necessarily that they are archived when they get to the client. I assume I can make a case for A and B as well: A: page 78 on the slide says "You must add the devices to Device Manager before you can see the logs in the client. You can do the log fetching BEFORE adding the devices, but you won't be able to see the logs". For A to be wrong because it says local DM and not DM seems like they are trying to trick you, and I haven't really noticed that on other questions. C. Page 78 on the slide: "During the request, you can choose filters to include:..."
I meant to put B and not C. We need an edit button.
After revisiting this question, I suppose that it is broken. A couple of days ago I explained answers B and D as correct, but answer A is also true: The fetch client can retrieve logs from devices that are not added to its local Device Manager; I did it in the lab. If we go through the understanding that *maybe* answer D is incorrect, if we consider "...become archive logs in the client", that the original logs will be moved from the fetch server to the client, and that doesn't occur.
In the lab, I assume you fetched the logs from another FortiAnalyzer? I think if A. stated that it can fetch from FA devices that are not on the Device Manager, then that would be correct. The question just says devices, but FA can't fetch from non-FA devices as far as I'm aware. I could be wrong though.
B and D. D: The fetch server administrator user name and password must be for an administrator with either a Standard_User or Super_User profile. https://docs.fortinet.com/document/fortianalyzer/7.4.2/administration-guide/785943/fetching-profiles
https://docs.fortinet.com/document/fortianalyzer/7.4.2/administration-guide/651442/log-fetching The fetching FortiAnalyzer can query the server FortiAnalyzer and retrieve the log data for a specified device and time period, based on specified filters. https://docs.fortinet.com/document/fortianalyzer/7.4.2/administration-guide/559986/fetch-requests The data policy for the local ADOM on the client must also support fetching logs from the specified time period. It must keep both archive and analytics logs long enough so they will not be deleted in accordance with the policy. For example: Today is July 1, the ADOM's data policy is configured to keep analytics logs for 30 days (June 1 - 30), and you need to fetch logs from the first week of May. The data policy of the ADOM must be adjusted to keep analytics and archive logs for at least 62 days to cover the entire time span. Otherwise, the fetched logs will be automatically deleted after they are fetched.
Sorry: The fetch server administrator user name and password must be for an administrator with either a Standard_User or Super_User profile.
FAZ Analyst 7.2 Study Guide Page: 77-78
B & C. FAZ Analyst 7.2 Study Guide Page: 77-78
A & B correct
B & C, Page 168, FAZ_7.0
B & C, Page 168, FAZ_7.0
A: Using FortiAnalyzer, you can enable log fetching. This allows FortiAnalyzer to fetch the archived logs of specified devices from another FortiAnalyzer. B: During the request, you can choose filters to include: - Logs from a specific device - Logs of specific types and values - Logs from a specific time frame. Reference: FortiAnalyzer Analyst Study Guide for FortiAnalyzer 7.2