Technical Tip: FortiCloud logs upload issues
Description
This article describes the issue when uploading logs to FortiCloud.
Solution
diagnose test application forticldd 3
Home log server: 208.91.113.97:514
Alt log server: 208.91.113.104:514
Active Server IP: 208.91.113.97
Active Server status: unknown
Home log server:
oftp status: connecting
spos: 0, slen: 0
rpos: 0, rlen: 12
Alternative log server:
Address: 208.91.113.104:514, st: down
oftp status: connecting
Debug zone info:
Home log server: 208.91.113.206:514
Alt log server: 208.91.113.122:514
Active Server IP: 208.91.113.206
Active Server status: up
......
Active APTServer status: unknown
Logs are not being uploaded to FortiCloud using either Realtime or Store-and-Upload methods.
The log server's connection status may or may not fluctuate as seen below:
diagnose test application forticldd 3
Home log server: 208.91.113.97:514
Alt log server: 208.91.113.104:514
Active Server IP: 208.91.113.97
Active Server status: unknown
Debug zone info:
Home log server: 208.91.113.97:514
Alt log server: 208.91.113.104:514
Active Server IP: 208.91.113.97
Active Server status: unknown
....
Active APTServer status: up
diagnose test application miglogd 20
Home log server:
Address: 208.91.113.97:514, st: down
oftp status: connecting
spos: 0, slen: 0
rpos: 0, rlen: 12
Alternative log server:
Address: 208.91.113.104:514, st: down
oftp status: connecting
diagnose test application forticldd 3
Debug zone info:
Home log server: 208.91.113.206:514
Alt log server: 208.91.113.122:514
Active Server IP: 208.91.113.206
Active Server status: up
......
Active APTServer status: unknown
Use the below command to check the FortiGate Cloud connection:
FortiOS 7.2.3 and below:
diagnose test application miglogd 20
FortiOS 7.2.4 and above:
diagnose test application fgtlogd 20
- This problem can be mitigated by disabling the resolve-ip option under log settings:
config log setting
set resolve-ip disable
end
-
If the problem still exists, logout-login from FortiCloud or enable/disable cloud logging changing the region on the FortiCloud account might help to fix the problem.
Note: If all of the above settings are checked and the logs are still not received on the Cloud, make sure that FortiGate is running the latest firmware if using a Free Subscription with FortiGate Cloud.
Starting from February 28, 2025, a FortiGate without an active FortiGate Cloud subscription is required to upgrade to the latest firmware patch within 7 days of a new GA patch release, or FortiGate Cloud services will be paused for that device.
This will affect the cloud retention service, where logs will not be forwarded to FortiCloud until the device is updated to the latest firmware patch if using a Free FortiGate Cloud account: Technical Tip: Security enforcement change for FortiGates provisioned to FortiGate Cloud without active subscriptions.
Related article: