Jirka1
Explorer II
May 30, 2017
Question

FGT 5.4.4 -> FAZ 5.4.3 - stop sending logs


Hi guys, we have a problem with sending logs from an FGT60E (5.4.4) to a FAZ200D (5.4.3). Once in a while (about once a week), the FortiGate stops sending logs to the FAZ. In Device Manager I see the red status instead of green. If I restart the FAZ, the problem persists. Rebooting the FGT helps. The FGT -> FAZ connection test passes OK. We have 8 units connected to the FAZ and only this one does.

Any ideas or a diag cmd?

 

config log fortianalyzer setting
    set status enable
    set ips-archive enable
    set server "xx.xxx.xxx.xxx"
    set enc-algorithm default
    set conn-timeout 10
    set monitor-keepalive-period 5
    set monitor-failure-retry-period 5
    set source-ip ''
    set upload-option realtime
    set reliable enable
end

Thanks. Jirka

    1 reply

    Baptiste
    New Member
    May 31, 2017

    Hi, you can try to disable encryption; same case and it's working fine now.

    Don't forget to set source IP if your FGT is on remote site (VPN)

     

    config log fortianalyzer setting
        set enc-algorithm disable
        set source-ip LAN-IP
    end

    Jirka1 (Author)
    Explorer II
    June 8, 2017

    Hi Baptiste,

    Unfortunately, I tried it all without success. FGT is not on the remote side so I set scr-add as a WAN address and disabled encryption. I rebooted and it worked for 5 days. Today again the same mistake...

     

    Is there any way to diagnose what's wrong?

     

    Thanks

     

    Jirka

    emnoc
    New Member
    June 9, 2017

    Yes, disable ENC; it's not supported going forward (FAZ 5.4.2+). Also, running diag sniffer packet any "host <insert address of FAZ>" and seeing what's happening will give you an idea.

     

    Just generate a traffic event/system event and monitor for traffic to the FAZ device, or use "diag log test" and watch for a log event.

     

    You can also run "diag debug application miglogd -1" and look for the FAZ message as an alternative.

     

    http://socpuppet.blogspot...cloud-issues-52ga.html