If you have one FortiAnalyzer, can you log fetch?

In the context of logging and log management with FortiAnalyzer, the process of log fetch typically refers to the ability of a FortiAnalyzer to directly retrieve logs from a FortiGate or other Fortinet devices without the need for manual intervention. The correct understanding of log fetch involves recognizing that it requires the log files to be transferred automatically from a device to the FortiAnalyzer for analysis and reporting.

When you state that exporting and importing a log file is necessary, it aligns with scenarios where the FortiAnalyzer does not have a direct logging connection established, or where multiple devices are involved in a more complex log management solution. In such cases, manual steps may indeed be needed to export logs from one device, transfer them, and then import them into the FortiAnalyzer for evaluation.

Thus, while direct log fetching is ideal for a seamless monitoring solution, the limitation of needing to manually export and import logs from a single FortiAnalyzer captures the practical steps that might be required depending on the configuration and the number of devices in your network setup.