Technical Tip: Unable to connect to FortiAnalyzer
Description
This article describes how to troubleshoot connection failures with FortiAnalyzer.
For configuration instructions, refer to the FortiAnalyzer Device Integration reference manual in the Fortinet Document Library.
Scope
Version: 8.7 and above.
Solution
Version: 8.7 and above.
Solution
1) (Version 8.7 only) Verify the serial numbers defined in both products are correct.
- In FNAC, verify FAZ serial number under System -> Settings -> System Communication -> Log Receivers.
- In FAZ, verify FNAC serial number under System Settings -> FNAC ADOM -> Device Manager.
If there is a mismatch between the actual number and the one configured, the connection will not complete.
2) Enable debug in the appliance CLI to collect additional information.
a) Login to the server CLI as root and type
nacdebug –name OFTPPlugin true
cd /bsc/logs
b) Start tailing the master log and send output to a separate file. Type
tail -F output.master | tee FAZConn.txt
c) Wait several minutes and look for 'yams.fortinet.oftp' messages indicating connection attempts.
Example:
yams.fortinet.oftp INFO :: 2020-05-01 13:50:59:011 :: /xx.xx.xx.xx:514 connected!
yams.fortinet.oftp WARNING :: 2020-05-01 13:50:59:174 :: Serial number mismatch!
yams.fortinet.oftp INFO :: 2020-05-01 13:50:59:174 :: /xx.xx.xx.xx:514 disconnected!
d) Use Ctrl-C to stop tail.
e) Disable debug. Type
nacdebug –name OFTPPlugin false
3) Capture the appliance's license information. Type
licensetool | tee licensetool.txt
4) Verify output shows license file contains certificates. For details see the related KB article Technical Tip: Certificates not included in license keys.
5) If the serial number mismatch message is present, see the related KB article Technical Tip: Unable to connect to FortiAnalyzer due to serial number mismatch. Otherwise, download FAZConn.txt from the appliance using SCP protocol via WinSCP or a similar application.
6) For additional assistance, open a support ticket and include the following:
6) For additional assistance, open a support ticket and include the following:
- FAZConn.txt file (may have to be zipped depending upon the size)
- licensetool.txt
- Screen captures of the configuration for both FortiNAC and FortiAnalyzer
- FortiNAC version
- FortiAnalyzer version
If more information is required, the debug level can be changed to a more verbose setting. Type
nacdebug –name OFTPPlugin true
nacdebug -loader MasterLoader -logger yams.fortinet.oftp -level FINE
To un-set the log level and disable debug:
nacdebug -logger yams.fortinet.oftp
nacdebug –name OFTPPlugin false