Skip to main content
adem_netsys
adem_netsys
Explorer III
October 11, 2025
Question

Reporting Device does not appear in CMDB

  • October 11, 2025
  • 1 reply
  • 815 views

Hi Guys,

 

We are collecting logs from FortiProxy products to SIEM. We can see that these logs are arriving and can be parsed in Analytics, but they are not visible as devices in the CMDB. What could be the reason for this? Version 7.2.6.

    1 reply

    Secusaurus
    Secusaurus
    Contributor III
    October 13, 2025

    Hi @adem_netsys,

     

    If you are on a multi-tenant deployment, I am sure you made sure you selected the correct organization, correct? ;)

     

    When receiving logs from a device, a new CMDB entry only pops up if this IP (seen from the Collector which receives this event) is not already existing in the CMDB. This is a common "issue", we have when we add all the devices of a new customer to the CMDB already, but only collect their logs several months later.

    This is especially irritating when there's NAT or event forwarding happening somewhere on the way to the Collector.

     

    Check your "Reporting IP" of the logs against the CMDB (in all organizations). If you still don't see the device there, then probably the CMDB has an internal error and I'd recommend opening a ticket.

     

    Best,

    Christian

    NSE8 | Fortinet Advanced MSSP Partner
      adem_netsys
      adem_netsysAuthor
      Explorer III
      October 13, 2025

      Hi @Secusaurus 

       

      We are in an Enterprise setup, and as I mentioned, we can see these logs in Analytics, and they are even being parsed. There is no NAT in between. Even if there were, if we can see these logs arriving in the SIEM and the assigned Collector, I believe we should be able to see them in the CMDB.

      Secusaurus
      Secusaurus
      Contributor III
      October 13, 2025

      Yes, for any log you receive in Analytics (historical, not live), you should see a matching CMDB entry which is matched against the IP-address you find as "Reporting IP" in your logs.

      If this is not the case, you could configure it manually. But since the CMDB-entry still might not be connected to the logs, I'd rather think that's something for the TAC to investigate.

       

      Best,

      Christian

      NSE8 | Fortinet Advanced MSSP Partner
      Terms & ConditionsAccessibility statement