What is disabled by default when FortiAnalyzer is in collector mode, which may cause logs to not be available?

When FortiAnalyzer is in collector mode, the SQL database is disabled by default. This is significant because the SQL database is responsible for storing and managing log data. In collector mode, the FortiAnalyzer primarily collects logs from other Fortinet devices and aggregates them, rather than performing any SQL-based analysis or storage.

As a result, if the SQL database is disabled, logs may not be available for querying or historical analysis, which can impact reporting and log retrieval operations. This limitation emphasizes the importance of ensuring that the SQL database is enabled when there is a need for comprehensive log management and analysis functions. Other options, such as HTTP access, log storage, or the management interface, do not directly relate to the core storage and retrieval functionality of the FortiAnalyzer, making their default status less impactful in terms of log availability.