Troubleshooting Tip: Unable to see logs older than 7 days on a FortiCloud paid account from the GUI

Description

This article describes why in some cases, even when a FortiCloud paid account has 1 year host log retention, only the last 7 days of logs are visible.

This is expected behavior. The last 7 days is the default time range if the time range filter is not included to prevent querying huge numbers of log entries.

Scope

FortiCloud.

Solution

Workaround:

Filter FortiCloud logs with Date or Date/Time for logs on the desired time range, as in the example below:

Additional Information:

In version 7.2.x, users will have the ability to filter the logs as demonstrated above. This feature is not available in the 7.0.x version, which will display the information as illustrated below.

In 7.0.x, it is possible to apply filters as shown below:

If the problem persists, the following debugs can be collected and attached to technical support FortiCare ticket:

config system fortiguard

show full

execute ping logctrl1.fortinet.com
execute telnet <IP resolved above> 443
execute fortiguard-log domain

To start the debugging:

diagnose debug application forticldd -1
diagnose debug application fgfmd -1
diagnose debug enable

To stop the debugging:

diagnose debug disable

diagnose debug reset

execute fortiguard-log login <email> <password>
diagnose fdsm log-controller-update
diagnose fdsm contract-controller-update

During the off-peak or maintenance hours, the following can be run to restart processes:

fnsysctl killall forticldd

fnsysctl killall fgfmd