Technical Tip: Logs are not generating in firewall
Description
This article describes the case when logs are not generated in the firewall.
Scope
FortiGate.
Solution
There are many instances where logs are not generated. The miglogd daemon is responsible for logging on FortiGate.
To check the status of logging, execute the following debug:
diagnose debug application miglogd -1
diagnose debug enable
Collect debugs for 5 minutes. To disable the debug:
diagnose debug disable
If the log has to be generated manually on the FortiGate for testing purposes, the following command can be used:
diagnose log test
The above command will generate the following log events:
- an infected virus message with level - warning
- a blocked virus message with level - warning
- a URL block message with level - warning
- a DLP message with level - warning
- an IPS log message
- an botnet log message
- an anomaly log message
- an application control IM message with level - information
- an IPv6 application control IM message with level - information
- deep application control logs with level - information
- an antispam message with level - notification
- a URL block message with level - warning
- an ssh-command pass log with level - notification
- an ssh-channel block with level - warning
- an ssl-cert_blacklisted log with level - warning
In addition, restarting the logging daemon can help fix the logging issue. It can be done in 2 ways:
- Find the process ID using the command below:
diagnose sys process pidof miglogd
If this results in more than one process ID, the first (smallest) ID would be the parent process, and restarting it will also restart all child processes. Then restart the process using the command:
diagnose sys kill 11 <PID>
- Another approach is to restart all miglogd processes at once by using the command:
fnsysctl killall miglogd
