On a FortiAnalyzer, analytics logs are logs that have been received from a device, processed, and then indexed into the SQL database. This indexing process is crucial for enabling the fast data retrieval required for analytical functions, such as generating reports, charts, and datasets in Log View and FortiView. These indexed logs are optimized for analysis and are distinct from raw, active log files or compressed archives. The system uses this structured data to provide insights and detailed reporting on network activity.

A: This describes active logs. These are the raw log files currently being written to by connected devices before they are indexed for analytics.

B: This describes archived logs. When an active log file is rolled over, it is compressed into a .gz file for long-term storage, not for immediate analytics.

C: This describes the process of log rolling, which is a mechanism to manage log file size and is not a type or state of a log file itself.

1. FortiAnalyzer Administration Guide 7.4.2

Page 161

Section: "Log files".

The guide states: "Logs are indexed to the SQL database for analytic support. Analytics logs are also referred to as indexed logs." This directly supports option D.

It also defines other log states: "The active log file is the log file that is currently receiving logs from the connected devices." (Refuting A) and "When a log file is rolled over

it is compressed to the .gz format and archived." (Refuting B).

2. FortiAnalyzer Administration Guide 7.4.2

Page 162

Section: "Log rolling".

This section describes log rolling as a process: "Log rolling saves the active log file and starts a new active log file when the active log file reaches a specific size or at a scheduled time." This confirms that option C is a process

not a log type.