How are logs processed when received from registered devices by Fortianalyzer?

When FortiAnalyzer receives logs from registered devices, it processes and stores them in a manner that ensures both efficient storage and easy retrieval for analysis. Logs are compressed and saved on the disk to optimize space usage. This compression allows FortiAnalyzer to handle large volumes of log data while maintaining performance and ensuring that storage resources are used effectively.

Storing logs on disk, rather than in local memory, allows for persistent storage that can be accessed even after a reboot or power loss. Immediate deletion or direct sending of logs to the admin does not align with how log management and retention is structured within FortiAnalyzer; instead, the system focuses on keeping logs available for review and analysis over time.