Which mode acts as a central log aggregator for multiple log collectors?

The correct mode that acts as a central log aggregator for multiple log collectors is Analyzer Mode. This mode is designed specifically to collect, process, and analyze logs from various log collectors within an organization's network. It consolidates data from different sources, allowing for comprehensive analysis and reporting on security events or network activities.

In Analyzer Mode, FortiAnalyzer can effectively aggregate the logs, enabling administrators to gain insights into security posture, performance metrics, and compliance requirements. This centralization facilitates better decision-making and enhances overall visibility across the environment.

While other modes exist, they serve different purposes. Collector Mode is primarily responsible for gathering logs from devices, but it does not perform aggregation and analysis. Forwarder Mode is used to send logs to a central location, but it does not aggregate or analyze those logs itself. Reporting Mode focuses on generating reports based on the data that has already been analyzed, rather than working as a primary aggregator for incoming log data.