navin_cool
New Member
November 26, 2015
Solved

No Traffic logs visible and No matching log data in FortiAnalyzer 1000B


Hi Everyone,

This is Naveen and I just joined this forum. I see it is a very good forum with all useful discussions.

I have a problem with Log and Reports. We are using a FortiGate 200A with version 4.0 (MR2 Patch 2) and a FortiAnalyzer 1000B with version 4.0 (MR2 Patch 2).

In FortiGate, I have configured "Remote Logging & Archiving" with the FAZ IP address with minimum "debug" level.

I am able to see all event logs in FAZ, but unable to see traffic logs. I think, because of this issue, FAZ is unable to show the reports and it says "No matching log data for this report". I have configured Layout, Data Filter and Schedule in FAZ.

It would be appreciated if someone can help me to address this issue.


    abelio
    SuperUser
    November 26, 2015

    Hello

    Check each firewall policy for the "Log Allowed Traffic" box and mark it.

    btw:

    With those firmware versions you're out of TAC support; for better overall results consider upgrading your FGT200A to 4.3p18 and your FAZ to 4.3p8 (if you don't want to jump to SQL yet).

     

    regards
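
An added example (not from the thread or from Fortinet) of auditing a FortiGate configuration backup for the gap described above: accept policies with no traffic logging. It assumes the FortiOS 4.x CLI form `set logtraffic enable` under `config firewall policy` and that the backup omits the line when logging is off; the sample config and the function name are constructed.

```python
# Constructed sample in FortiOS CLI backup style (not taken from the thread).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set action accept
        set logtraffic enable
    next
    edit 2
        set srcintf "internal"
        set dstintf "dmz"
        set action accept
    next
    edit 3
        set srcintf "wan1"
    next
end
"""

def policies_without_traffic_log(config_text):
    """Return IDs of accept policies that lack 'set logtraffic enable'."""
    missing, in_table, policy_id, settings, depth = [], False, None, {}, 0
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not in_table:
            in_table = words == ["config", "firewall", "policy"]
        elif policy_id is None:
            if words[0] == "edit":
                policy_id, settings = words[1].strip('"'), {}
            elif words[0] == "end":
                in_table = False
        elif words[0] == "config":
            depth += 1          # nested sub-table inside one policy
        elif depth:
            depth -= words[0] == "end"   # skip lines until the sub-table closes
        elif words[0] == "set" and len(words) >= 3:
            settings[words[1]] = words[2].strip('"')
        elif words[0] == "next":
            # Assumption: an absent logtraffic line means logging is off.
            if settings.get("action") == "accept" and settings.get("logtraffic") != "enable":
                missing.append(policy_id)
            policy_id = None
    return missing

if __name__ == "__main__":
    print(policies_without_traffic_log(SAMPLE_CONFIG))
```

Policies the function returns are the ones whose allowed sessions never reach the FortiAnalyzer, so reports built on traffic logs have nothing to match for them.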

    navin_cool
    New Member
    November 27, 2015

    Hi Abel,

    Thanks for your reply.

    The "Log Allowed Traffic" box was checked on a few firewall policies. Now, I have enabled it on all policies.

    Now, I am able to see live traffic logs in FAZ, but still "no matching log data" in reports.

    How do I create a schedule to get a live traffic report?

    One more thing, for both FG and FAZ devices TAC support and FortiGuard Services are expired.

    So, does this lead to any issues in terms of logs & reports?

    I am also trying to block a few websites using the web filter, but it's not working.

    Can you please suggest.

     

    abelio
    SuperUser
    Best answer
    November 27, 2015

    Hi,

    navin.cool wrote:

    > The "Log Allowed Traffic" box was checked on a few firewall policies. Now, I have enabled it on all policies.
    > Now, I am able to see live traffic logs in FAZ,

    ok

    > but still "no matching log data" in reports.

    Maybe the logs are not fully indexed yet. Wait some time or reindex the logs.

    > How do I create a schedule to get a live traffic report?

    'Live traffic' means to me something similar to 'realtime', so I cannot see a 'schedule' for that.

    In another sense, configuring your desired report and defining a schedule is straightforward.

    Look for the FAZ 4.x docs on the fortidocs site.

    > One more thing, for both FG and FAZ devices TAC support and FortiGuard Services are expired.
    > So, does this lead to any issues in terms of logs & reports?

    Not in those terms; you can run the available reports in that firmware version.

    However, you couldn't upgrade firmware or get support from Fortinet.

    > I am also trying to block a few websites using the web filter, but it's not working.

    You couldn't use the FortiGuard webfilter without the respective contract.

    You could block websites using a static urlfilter list, but this is a topic for another forum, not for the FAZ one.

    Hope it helps

    regards