Skip to main content
cos
cos
New Member
February 6, 2015
Question

Fortianalyzer not showing logs

  • February 6, 2015
  • 20 replies
  • 42462 views

Hello,

 

We have 4 fortigates which are configured to send all the logs to the FortiAnalyzer. The point is that we dont see any logs in "fortiview and log view", but the device is receiving logs. Its stuck like loading the information.

We also can not see the logs in the fortigate configuring the FortiAnalyzer like source.

Whats happening with the logs???

 

I attached a screenshot about that we see in fortiview.

 

thanks,

regards,

Jesus

    20 replies

    scao_FTNT
    Staff
    scao_FTNT
    Staff
    February 6, 2015

    Hi, Jesus, in your pic, if you click left tree bottom log view, what is displayed? and for that log view, left tree has a "Log Browse" link which is for device raw log files, can you also help do a check for that?

     

    thanks

     

    Simon

    cos
    cosAuthor
    New Member
    February 6, 2015

    Sorry, i tried using chrome and i can see verything. I think my client was using another browser.

     

    this could be caused for any browser or something??? any uncompatibility for any browser known??

     

    thanks

    cos
    cosAuthor
    New Member
    February 6, 2015

    Hi, my client update me about this problem. ITs different behaviour.

     

    This problem we have with the fortiazalyzer have been happening since I installed it and we didnt pay a lot of attention because we thought it was a blip, but we see this again and we dont know why; yesterday when I walked into the web console FAand . No logs showed none of the FG that we have set. Also going into the FGates could see nothing, as they are configured to send the FA real time and in turn show the logs that are in the FA.

    This was well throughout the morning until after about three hours (more or less) finally appeared the logs in both FA and FG. From there, all right. Even today also continues to work well. The problem occurs when we are a long period of time (do not know tell you how) without access logs, or through FG or directly from FA.

    Another symptom that something is wrong with the BB.DD. Internal FA is that there is a report that is released monthly and that most often gets stuck with the bar "in process" to mean. Yes it does well if just one day before the start of the report, we have the FA showing logs.

     

     

    Any advices or what it could be happening????

    cos
    cosAuthor
    New Member
    February 6, 2015

    The performance is working low.....

     

    FORTIANALYZER:

    FAZ2000B $ get system performance CPU: Used: 2.1% Used(Excluded NICE): 2.1% CPU_num: 4. CPU[0] usage: 0.99% Usage: %user %nice %sys %idle %iowait %irq %softirq 0.46 0.00 0.40 99.01 0.00 0.00 0.13 CPU[1] usage: 3.23% Usage: %user %nice %sys %idle %iowait %irq %softirq 2.96 0.00 0.26 96.77 0.00 0.00 0.00 CPU[2] usage: 0.20% Usage: %user %nice %sys %idle %iowait %irq %softirq 0.13 0.00 0.07 99.80 0.00 0.00 0.00 CPU[3] usage: 0.66% Usage: %user %nice %sys %idle %iowait %irq %softirq 0.00 0.00 0.33 99.34 0.33 0.00 0.00 Memory: Total: 14,378,716 KB Used: 1,619,852 KB 11.3% Hard Disk: Total: 1,922,329,396 KB Used: 899,656,632 KB 46.8% Flash Disk: Total: 253,871 KB Used: 61,903 KB 24.4%

    ------------------------------------

    FORTIGATE  $ get system performance status CPU states: 0% user 1% system 0% nice 99% idle CPU0 states: 0% user 2% system 0% nice 98% idle CPU1 states: 0% user 2% system 0% nice 98% idle CPU2 states: 0% user 1% system 0% nice 99% idle CPU3 states: 0% user 0% system 0% nice 100% idle Memory states: 31% used Average network usage: 80203 kbps in 1 minute, 84295 kbps in 10 minutes, 85175 kbps in 30 minutes Average sessions: 28455 sessions in 1 minute, 27521 sessions in 10 minutes, 29024 sessions in 30 minutes Average session setup rate: 150 sessions per second in last 1 minute, 168 sessions per second in last 10 minutes, 174 sessions per second in last 30 minutes Virus caught: 0 total in 1 minute IPS attacks blocked: 0 total in 1 minute Uptime: 280 days, 5 hours, 23 minutes

     

    scao_FTNT
    Staff
    scao_FTNT
    Staff
    February 6, 2015

    For supported Browser, FMG/FAZ support IE11, FireFox35 (current latest version) and Chrome40 (current latest version)

     

    Thanks

     

    Simon

    Genesis
    Genesis
    New Member
    February 6, 2015

    are there any resource that is running high -- CPU or Mem?

    L_FTNT
    Staff
    L_FTNT
    Staff
    February 6, 2015

    It would be helpful that you provide the firmware versions on the FGTs and also firmware versions on FAZ?

    Were the FAZ and FGTs upgraded recently? If so, from which version to which version?

     

    cos
    cosAuthor
    New Member
    February 9, 2015

    FORTIANALYZER

    Firmware Version v5.0.7-build0321 140627 (GA)

    FORTIGATE

    Firmware Version v5.0,build3608 (GA Patch 7)

    cos
    cosAuthor
    New Member
    February 12, 2015

    ANy advice????

    Genesis
    Genesis
    New Member
    February 12, 2015

    run  exe top and check the mem utilization particularly the 'phyton' service. If it's high, you can kill it.

     

    diagnose sys process kill -9 <pid>

    cos
    cosAuthor
    New Member
    February 13, 2015

    ok but wich is the command to go up the process phyton again???? or it should be go up by itself???? it could be produce any impact in the service??

    scao_FTNT
    Staff
    scao_FTNT
    Staff
    February 13, 2015

    Hi, cos, I may need you to open a ticket and provide like FAZ db config for investigation

     

    we may need to use ticket to track this issue

     

    Thanks

     

    Simon

    Show more replies
    Terms & ConditionsAccessibility statement