Which statement is true about using aggregation mode on FortiAnalyzer?

A. Aggregation mode supports log filters.
B. Aggregation mode can work with syslog servers.
C. In aggregation mode, logs and content files are forwarded in real time.
D. Aggregation mode can be configured only on the CLI.

Answer: B

Explanation:

In aggregation mode, FortiAnalyzer stores logs received from devices and forwards them at a specified time each day to avoid duplication. It is specifically designed to work between two FortiAnalyzer units and does not support syslog or CEF servers. Additionally, aggregation mode configurations are limited to CLI commands log-forward and log-forward-service.

Reference: FortiAnalyzer 7.2 Administrator Guide, "Aggregation" and "CLI Commands for Aggregation Mode" sections.
