FCP_FAZ_AD-7.4 Leak Questions

The logfiled process is responsible for enforcing log file size and managing log rotation on FortiAnalyzer. It ensures that log files do not exceed the configured size limits and handles the creation and rotation of new log files when necessary.

B. The management computer does not have connectivity to the authorization IP address and port combination. If the FortiGate cannot reach the FortiAnalyzer on the configured IP address and port (typically HTTPS), the authorization request will fail. This could be due to firewall rules, routing issues, or incorrect configuration.

D. The fabric authorization settings on FortiAnalyzer are misconfigured. FortiAnalyzer needs to be properly configured to accept authorization requests. This includes settings like enabling Security Fabric and configuring the correct authorization method.

In a Fortinet Security Fabric, logs from downstream devices can be sent to FortiAnalyzer through the root FortiGate. This is why all the logs have the same source IP address (the root FortiGate). The root FortiGate aggregates and forwards the logs from all downstream devices, so the source IP in the log capture will appear to be from the root FortiGate itself, even though the logs originate from multiple devices within the fabric.