You must analyze an event that happened at 20:37 UTC.
One log relevant to the event is extracted from FortiGate logs:
The devices and the administrator are all located in different time zones Daylight savings time (DST) is disabled.
The FortiGate is at GMT-10:00 -
The FortiAnalyzer is at GMT-08:00
Your browser local time zone is at GMT-03:00
You want to review this log on FortiAnalyzer GUI, what time should you use as a filter?
To analyze the event that happened at 20:37 UTC using the FortiAnalyzer GUI (which is set to GMT-08:00), you need to adjust the event time to the FortiAnalyzer's local time. The event time of 20:37 UTC minus 8 hours results in 12:37. Thus, you should use 12:37:08 as a filter when reviewing the log on the FortiAnalyzer GUI.
I suppose D. The question says that something happened at 20:37, but u have extracted a related log from fortigate (time 10:37:08). FGT is GMT-10 and FAZ is GMT-8 (so +2). When a FAZ receive a log it register the hour of the device as dtime and maintain itime as the time it received the log. FAZ use itime as a reference for Time in GUI (https://community.fortinet.com/t5/FortiAnalyzer/Technical-Note-Understanding-FortiAnalyzer-time-related-fields/ta-p/197569) So if u want to search the related log u must use 12:37:08. This IMPO
- GUI 'Date/time' column is calculated based on itime. - itime is generated by FAZ when it receives a log (with SQL enabled) i.e. FAZ local time. So the filter will be based on itime which is the local time on the FAZ (GMT-8) so UTC 20:37 makes the time GMT 20:37, so that minus 8 makes it 12:37.
Can anyone please confirm this answer? I could not find any related document on this ..
i would go for D. but not sure i think FAZ will display the log as its local time, and not as the FGT time.
Uses the FAZ time which is UTC-8. Answer is D. 12:37:08.
C: C. 17:37:08