lspk
Staff
November 21, 2024

Technical Tip: CLI commands to verify connectivity status between FortiGate and FortiAnalyzer

Description: This article describes new CLI commands to fetch information about the connectivity between FortiGate and FortiAnalyzer.

Scope: FortiGate v7.2+.

Solution:

The following commands return information about the status of the FortiGate-FortiAnalyzer connection.

 

First, validate FortiAnalyzer's connectivity with FortiGate using the following command:

 

execute log fortianalyzer test-connectivity

 

To show global log settings (useful for checking FortiAnalyzer's IP, authorization state, status, filter, etc.), run the following commands.

Global:

 

diagnose test application fgtlogd 1

 

And for VDOM:

 

diagnose test application fgtlogd 2

vdom-admin=0
mgmt=root

fortilog:
faz: global , enabled
server=10.109.19.110, alt-server=, active-server=10.109.19.110, realtime=1, ssl=1, state=connected
server_log_status=Log is allowed.,
src=, mgmt_name=FGh_Log_root_10.109.19.110, reliable=0, sni_prefix_type=none,
required_entitlement=none, region=ca-west-1,
logsync_enabled:1, logsync_conn_id:65535, seq_no:0
disconnect_jiffies:0
status: ver=0, used_disk=0, total_disk=0, global=0, vfid=0 conn_verified=N
SNs: last sn update:2007 seconds ago.
Sn list:

queue: qlen=0.
filter: severity=6, sz_exclude_list=0
anomaly voip gtp forti-switch
free-style filters: sz_filters=0
subcategory:
traffic: local multicast sniffer ztna

 

Anomaly:

To dump statistics:

 

diagnose test application fgtlogd 4
Queues in all miglogds: cur:0 total-so-far:444
global log dev statistics:
faz=205, faz_cloud=0, fds_log=0 (number should be increasing in case of new logs)

 

To generate test logs:


diagnose test log

 

And check if the number of logs is increasing.
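
The checks above can be scripted against captured CLI output. The following Python sketch is an added example, not part of the original article or Fortinet tooling: it parses saved `fgtlogd 1` output for connection state and compares the `faz` counter from two `fgtlogd 4` snapshots taken before and after `diagnose test log`. The sample text is constructed from the output shown in this article (the "after" counter is made up), and the readings of `ssl=1` and `qlen` are assumptions.

```python
import re

# Constructed sample: trimmed from the 'diagnose test application fgtlogd 1'
# output shown in the article.
FGTLOGD_1 = """\
fortilog:
faz: global , enabled
server=10.109.19.110, alt-server=, active-server=10.109.19.110, realtime=1, ssl=1, state=connected
server_log_status=Log is allowed.,
queue: qlen=0.
"""

# Constructed samples: 'diagnose test application fgtlogd 4' captured before
# and after 'diagnose test log' (the "after" value is invented for illustration).
FGTLOGD_4_BEFORE = "global log dev statistics:\nfaz=205, faz_cloud=0, fds_log=0\n"
FGTLOGD_4_AFTER = "global log dev statistics:\nfaz=214, faz_cloud=0, fds_log=0\n"

# key=value, where the value runs up to the next comma or end of line
PAIR = re.compile(r"([\w-]+)=([^,\n]*)")

def parse_fields(text):
    """Return the key=value pairs found in fgtlogd output as a dict of strings."""
    return {k: v.strip().rstrip(".") for k, v in PAIR.findall(text)}

def connection_findings(settings_text):
    """List problems visible in fgtlogd 1 output; an empty list means none found."""
    f = parse_fields(settings_text)
    findings = []
    if f.get("state") != "connected":
        findings.append(f"state={f.get('state')!r}, expected 'connected'")
    if "allowed" not in f.get("server_log_status", ""):
        findings.append(f"server_log_status={f.get('server_log_status')!r}")
    if f.get("ssl") != "1":  # assumption: ssl=1 means the log channel uses TLS
        findings.append("ssl is not 1")
    if f.get("qlen", "0") != "0":  # assumption: a nonzero queue may be transient
        findings.append(f"log queue backlog: qlen={f['qlen']}")
    return findings

def faz_delta(before_text, after_text):
    """Change in the 'faz' counter between two fgtlogd 4 snapshots."""
    return int(parse_fields(after_text)["faz"]) - int(parse_fields(before_text)["faz"])

if __name__ == "__main__":
    print(connection_findings(FGTLOGD_1) or "no connection problems found")
    print("faz counter delta:", faz_delta(FGTLOGD_4_BEFORE, FGTLOGD_4_AFTER))
```

A delta of zero after generating test logs means the FortiGate is not forwarding new logs to FortiAnalyzer even if the state reads as connected.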

 

If the issue is with a specific type of log, show detailed log statistics by running:


diagnose test application fgtlogd 3

info for vdom: root
faz
traffic: logs=8 len=4440, Sun=0 Mon=0 Tue=0 Wed=0 Thu=0 Fri=0 Sat=0 compressed=4568
event: logs=170 len=71975, Sun=0 Mon=0 Tue=0 Wed=166 Thu=0 Fri=0 Sat=0 compressed=74695
anomaly: logs=9 len=6174, Sun=0 Mon=0 Tue=0 Wed=9 Thu=0 Fri=0 Sat=0 compressed=6318
voip: logs=9 len=5112, Sun=0 Mon=0 Tue=0 Wed=9 Thu=0 Fri=0 Sat=0 compressed=5256
forti-switch: logs=9 len=3042, Sun=0 Mon=0 Tue=0 Wed=9 Thu=0 Fri=0 Sat=0 compressed=3186

 

To show dropped logs due to the log rate limit for all devices:

 

diagnose test application fgtlogd 5
Number of logs skipped due to over max log rate
global:
root:

 

Related article:

Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity