How to download logs from Fortigate in CSV format

sebastan_bach
2017/12/08 12:25:17 (permalink)

Hi, 
 
I am using a Fortigate appliance and the local GUI for managing the firewall. In the logs I can see the option to download the logs, but the download is in .log file format. How can I download the logs in CSV / Excel format? Is there a way to do that? I am not using FortiAnalyzer or FortiManager.
 
Or is there a tool to convert the .log file to CSV format? I am using FortiOS 5.6.2.
 
Appreciate any help.
 
Sebastan
#1


    mahesh secure
    Re: how to download logs from Fortigate in CSV format 2017/12/09 00:43:29 (permalink)
    Hi Sebastan
     
    I tried with File Viewer Plus. It supports .log files. Once open, copy and paste it into Excel and use the Data --> Text to Columns feature in Excel to convert.
     
    Hope this helps you.
     
    Regards
    Mahesh
    #2
    tmelton
    Re: how to download logs from Fortigate in CSV format 2019/05/07 07:08:41 (permalink)
    That works great with CSV format, but these files are not in that format.
    This format does not turn into a pleasing set of columns.
     
     
    date=2019-05-07 time=08:17:29 logid="0102043040" type="event" subtype="user" level="notice"
    #3
    theArties
    Re: how to download logs from Fortigate in CSV format 2020/06/30 07:06:18 (permalink)
    Hi there, 
     
    I know the last post was a while back, but I'm wondering if there's a more recent answer to the question. 
    I'm having a similar issue importing the log into Excel. Or is it meant to be this way? 
     
    Thanks.
    #4
    emnoc
    Re: how to download logs from Fortigate in CSV format 2020/06/30 08:26:03 (permalink)
    I want to say you can export the logs from FortiAnalyzer and achieve this.
     
    Ken Felix

    PCNSE 
    NSE 
    StrongSwan  
    #5
    aleg
    Re: how to download logs from Fortigate in CSV format 2020/07/15 18:21:19 (permalink)
    But, how?  If you are viewing Forward Traffic, apply some filters, then click the Download button to get only the data you want, you can't get a CSV.  It only gives you *.log file with the text saved as above.
     
    Is there some other method?
     
    Or, a pattern for importing into Excel to convert to columns with headers?
    #6
    emnoc
    Re: how to download logs from Fortigate in CSV format 2020/07/15 21:11:59 (permalink)
    Just download the file from the web UI; it will be tab-separated.
     
    E.g. a downloaded tlog:
     
    date=2020-07-15 time=20:59:40 logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1594871980266791507 tz="-0700" srcip=10.1.1.140 srcport=47269 srcintf="lan" srcintfrole="lan" dstip=112.124.0.188 dstport=15000 dstintf="wan1" dstintfrole="wan" srccountry="Reserved" dstcountry="China" sessionid=2038461 proto=6 action="deny" policyid=0 policytype="policy" service="tcp/15000" trandisp="noop" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=30 craction=131072 crlevel="high"
     
    Another option is to use the CLI and display the log and set filters and capture it to a file:
     
     execute log filter category   0
     execute log filter field dstcountry china  
     execute log display
     
    http://socpuppet.blogspot.com/2016/08/using-execute-log-filters-to-monitor.html
     
    If you need CSV, just remove the tabs and replace them with commas.
     
    unix-sed
     
     sed 's/ /,/g' tlog.tab > tlog.csv
     
    You have hundreds of options on what you can do. You just have to be creative. Also, don't forget that if you do not have a remote log like FortiAnalyzer, you can export logs to a syslog and facility and then do any manipulation on the syslog host.
     
    Oh, to export logs via syslog in CSV, change the settings:
     
    config log syslogd setting
    set status enable
    set mode reliable
    set port 6514
    set format csv
    set enc-algorithm high
    set ssl-min-proto-version TLSv1-1
    set certificate "fgt1-new1"
    end
     
     
    Ken Felix
     
     
     
    post edited by emnoc - 2020/07/15 21:20:16

    PCNSE 
    NSE 
    StrongSwan  
    #7
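
Added example, not part of any post in this thread: a Python converter for the key=value log lines shown above. It keeps quoted values containing spaces or commas intact, builds the header from the union of fields across lines, and prefixes cells that a spreadsheet would evaluate as formulas, since log fields can carry externally supplied text. The function names and sample lines are constructed for illustration.

```python
import csv
import io
import re

# One key=value pair; the value is a double-quoted string (may hold spaces
# and commas) or a bare token. Escaped quotes inside values are not handled.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Constructed sample in the format shown in the thread; the msg field is invented.
SAMPLE = [
    'date=2019-05-07 time=08:17:29 logid="0102043040" type="event" '
    'subtype="user" level="notice" msg="User admin logged in, from GUI"',
    'date=2020-07-15 time=20:59:40 logid="0000000013" type="traffic" '
    'subtype="forward" level="notice" tz="-0700" srcip=10.1.1.140 '
    'dstcountry="China" action="deny"',
]

def parse_line(line):
    """Split one log line into an ordered {field: value} dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR.finditer(line)}

def neutralize(value):
    """Prefix cells a spreadsheet would evaluate as a formula (= + - @)."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def logs_to_csv(lines):
    """Return CSV text whose header is the union of fields, in first-seen order."""
    rows = [{k: neutralize(v) for k, v in parse_line(l).items()}
            for l in lines if l.strip()]
    header = list(dict.fromkeys(k for row in rows for k in row))
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=header, restval="", lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(logs_to_csv(SAMPLE), end="")
```

Fields missing from a given line are written as empty cells, so event and traffic logs with different field sets can share one sheet.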