jb_kalm
New Member
February 3, 2015
Solved

No UTM Logs - FAZ 5.2.1 with Fortigate 5.0.9

  • February 3, 2015
  • 6 replies
  • 11159 views

Hello Fortigurus,

 

Last week we upgraded our FAZ 4000B to 5.2.1, and after the database finished rebuilding a few days later, we don't see any UTM logs on the FAZ. The Fortigate is a 3600C and is running 5.0.9 at the moment. The UTM logs are necessary for troubleshooting and reporting. Have any of you experienced this problem, or do you know what can be done to resolve it? Please advise.

 

Thank you,

 

JB.KALM

    Best answer by hzhao_FTNT

    Hi jb, I am not an FGT expert, but I remember there was a bug in FOS 5.0.5 or 5.0.6: sometimes the FGT does not send UTM logs. This issue can be fixed after a reboot. Give it a try?

    By the way, on the FAZ side, you can reset fortilogd under the CLI:

    dia test app fortilogd 99

     

    Regards,

    hz

    6 replies

    hzhao_FTNT
    Staff
    February 4, 2015

    Hi, do you mean no UTM logs in log view or in log browse? From FAZ 5.0.7, we write all UTM logs into tlog.log, but you should be able to see UTM logs in log view.

     

    Regards,

    hz

    jb_kalm (Author)
    New Member
    February 4, 2015

    Hi hz,

     

    No UTM logs in the log view. We see the Traffic logs, but the UTM logs are blank/empty. As a result, our reports (which use the UTM fields like "hostname" or "category") are also empty. I have the "extended_UTM_logs enable" feature enabled on all of my security profiles/sensors, etc., but still no UTM logs.

     

    Thank you,

     

    jb

    hzhao_FTNT
    Staff
    February 4, 2015

    Hi jb,

     

    According to the QA engineer for log view:

    For a 5.0 Fortigate, the default is UTM log off in each UTM profile. It is better to check locally on the FGT first whether it has UTM logs; if not, enable UTM log in its active UTM profile.

    Regards, hz

    jb_kalm (Author)
    New Member
    February 5, 2015

    Hi hz,

     

    I followed that procedure, but after searching for countapp=*, I don't get any results: "No records found".

     

    Is there a way to restart the logging daemon? I got as far as "diag test application miglogd" but what's the test level to restart it? It doesn't show the test levels and what they do as it does for other daemons. Or am I even in the correct place? :)

     

    Thanks,

     

    jb

    hzhao_FTNT
    Staff
    February 5, 2015

    Hi jb, no need to restart miglogd if you have enabled extended_utm_log. Do you have a plan to upgrade the FGT recently?

     

    hz

    jb_kalm (Author)
    New Member
    February 5, 2015

    Hi hz,

     

    We were planning to upgrade last night but decided to hold off until 5.2.3 is released. There is a bug, 0263428, that affects IPSEC tunnels and would not be fixed until 5.0.12 or 5.2.3. But it seems 5.2.3 will be released before 5.0.12, so we might just go to 5.2.3 when it is available. Is there anything I can do while we wait for 5.2.3?

     

    Thank you,

     

    jb

    hzhao_FTNT
    Staff
    February 5, 2015

    Hi jb, I am not an FGT expert, but I remember there was a bug in FOS 5.0.5 or 5.0.6: sometimes the FGT does not send UTM logs. This issue can be fixed after a reboot. Give it a try?

    By the way, on the FAZ side, you can reset fortilogd under the CLI:

    dia test app fortilogd 99

     

    Regards,

    hz

    jb_kalm (Author)
    New Member
    February 5, 2015

    Hi hz,

     

    Well, I restarted fortilogd on the FAZ but the issue still exists. We'll have to schedule a maintenance window to restart the Fortigate. I'll let you know when we do restart it and whether it worked or not.

     

    Thanks so much for your assistance so far!

     

    Thank you,

     

    jb

    MikePruett
    New Member
    February 6, 2015

    jb.kalm wrote:

    Hi hz,

     

    Well I restarted the fortilogd on the FAZ but the issue still exists. We'll have to schedule a maintenance window to restart the Fortigate. I'll let you know when we do restart it and if it worked or not.

     

    Thanks so much for your assistance so far!

     

    Thank you,

     

    jb

    Tell Matthew I would be more than happy to sell you guys some more Fortigates so you can run in HA mode and not hit any downtime when you reboot those things ;p

    jb_kalm (Author)
    New Member
    February 6, 2015

    Ha... we have the extra 3600C but our network team doesn't want to give us the connectivity to make it HA. :(

     

    jb

    jb_kalm (Author)
    New Member
    February 9, 2015

    Hey hz,

     

    The Fortigate reboot resolved the issue. We are seeing the UTM logs on the FAZ once more!

     

    Thanks man!

     

    Thanks,

     

    jb