Technical Tip: FortiAnalyzer Cloud-out connector
Description
This article describes how to troubleshoot the Cloud-out connector in FortiAnalyzer.
Scope
FortiAnalyzer.
Solution
- Verify storage connector service license. To verify the license, use the CLI command 'diagnose fmupdate dbcontract'. Ensure that 'SCPC' is available under 'Contract' and check the expiry date.
FAZ-VMTM00000000 [SERIAL_NO]
AccountID: user@aaa.com
Industry: Test
Company: AAA
Contract: 6
COMP-1-20-20230831
ENHN-1-20-20230831
FMWR-1-06-20230831
FRVS-1-06-20230831
SCPC-1-06-20230831
SPRT-1-20-20230831
Ensure that 'Upload logs to cloud storage' is not greyed out at System Settings -> Device Log Settings.
- Verify CA certificates. Verify that CA certificates have been imported at System Settings -> CA Certificates. Before logs can be uploaded to cloud storage using Amazon S3, Azure Blob, or Google connectors, the cloud provider's CA certificate(s) must be imported into FortiAnalyzer.
Third-party CA certificates, for example, GlobalSign and CyberTrust, may be required.
Check with the Cloud storage provider to see which CA certificates are supported. In Amazon S3's case, one of the root CAs, Starfield Services Root Certificate Authority - G2, needs to be imported in FortiAnalyzer to work, which can be downloaded from here: Amazon trust Service.
- Check the policies related to Amazon S3 access. Check that the IAM user or role has s3:GetBucketPolicy permission to view the bucket policy and s3:PutBucketPolicy permission to edit it.
FortiAnalyzer uses Rclone to manage files on cloud storage and Rclone permissions. - Verify Fabric Connector configuration. Verify fabric connectors settings in Fabric View -> Fabric Connectors, and the status is set to 'ON'. Below are sample details required for each cloud provider:
AWS S3:
Provider: AWS.
Region: AWS region (ex. us-west-1).
Access Key ID: IAM user account access key.
Secret Access Key: IAM user account secret access key.
Azure Blob:
Storage Account Name: Microsoft Azure account name.
Account Key: Microsoft Azure account key.
Google:
Cloud Project Number: Google account project number.
Service Account Credentials: Google account JSON key.
Cloud Location: Bucket locations (example: us-east1).
Use the CLI command 'diagnose test application upload 62 <connector> <remote path>' to perform an upload test to cloud storage.
Example:
s1) copy file. uuid[b9647d0c-32b1-11eb-8bfa-0a17955e07c8]
s-) result not ready. uuid[b9647d0c-32b1-11eb-8bfa-0a17955e07c8]
s2) rc=0 message[success]
In the 'Remote Path' box, type the bucket or container name from the storage account.
FAZ # diagnose debug enable
cmd_proxy:97: 1622182565 cmd "/usr/local/bin/rclone --config=/drive0/private/rclone.cfg copy /drive0/private/uploadd_repo_cloud_storage/Amazon S3 storage - fortiazure fortiazure:fazapacstorage" sent successfully! uuid=2f1ff2f4-bf7c-11eb-843e-0050568ab88d
- Useful CLI commands for troubleshooting the FortiAnalyzer Cloud-out connector.
diagnose test application uploadd 6 <----- Cloud storage backlog.
diagnose test application uploadd 62 <connector> <remote path> <----- Upload test.
diagnose test application uploadd 63 <----- Cloud storage usage info.
diagnose debug application uploadd 8 <----- Removed after v7.6.0, v7.4.4, and v7.2.6.