Skip to main content
jsanda
jsanda
New Member
September 12, 2025
Question

FortiAnalyzer Fault Reports

  • September 12, 2025
  • 1 reply
  • 409 views

Hello guys ,

 

I have a problem with reports from FortiAnalyzer. 

 

I'm gonna explain my 'topology' the best way i can.

Firstly, there is a standalone EMS that pushes the logs of the hosts to the FortiAnalyzer. I can see the logs in Fortianalyzer , so we are sure that we have them in the right place and there isnt a conneciton problem.

 

It seems that when i run a report (new or old) it's contents its the same almost every time and there is only one host in its results. I use the default report editor (i have tried use different choices in the graphs but no desired result). Also i give it a try with and without  the extended log filtering and checked all the options (device , source ip, dest ip, endpoint id....). Enable High Accuracy Caching also checked in case there is a problem with the number of logs.

 

 

FortiAnalyzer uses ADOM (the correct one selected) , version v7.6.3 build3492 (Feature)

1 reply

AEK
SuperUser
AEK
SuperUser
September 13, 2025

Hi Sanda

Didn't understand well your concern. Do you mean you don't see client logs? If so, did you enable client logs to be sent to FAZ? This can be don from client related system profile.

AEK
jsanda
jsandaAuthor
New Member
September 16, 2025

Hello AEK,
I can see the logs in FortiAnalyzer fine. My problem is that they dont appear on the reports. For example, when i try to have an index of devices alerts or events in a report its only show one specified host . I thought that there was not a problem but this keep happens for 3 months now. 

AEK
SuperUser
AEK
SuperUser
September 16, 2025

Hi Sanda

This can be due to a filter in your report or the chart may not be configured as expected. Try check both.

AEK
Terms & ConditionsAccessibility statement