Skip to main content
x_member
x_member
New Member
June 3, 2015
Solved

System Log reports Files dropped by quard / quarantine daemon

  • June 3, 2015
  • 1 reply
  • 16497 views

Since implementing a Fortigate 60D with 5.2.3 a few weeks ago the system log shows an hourly entry reporting numbers of files dropped by quard (I've attached an example screenshot).

The entry provides no real information as to the cause, and I'm struggling to locate information online that indicates whether we should be concerned about this.

I've found reference to the quarantine daemon in the CLI manual and methods of debugging however I can't determine what options are available to use with the 

diag test application quarantined
command and am concerned about running such commands blind in a production environment.

 

 

Can anyone offer some advice on the following:

1. How can I determine the reason for this behaviour?

2. Should I be concerned about this, or is it typical?

 

TIA

    Best answer by x_member

    Replying to myself in case anyone stumbles across this thread looking for the same information:

     

    using 

    debug diagnose application quarantine -1
    I realised that the drops are files intended for FortiSandbox but unable to be uploaded as our daily limit (free version) was reached.

     

    Rather a shame that the reason isn't logged in the System Event log as FortiCloud sandbox daily limit reached" or similar. Could have saved me some time at least.

     

    1 reply

    x_member
    x_memberAuthorAnswer
    New Member
    June 5, 2015

    Replying to myself in case anyone stumbles across this thread looking for the same information:

     

    using 

    debug diagnose application quarantine -1
    I realised that the drops are files intended for FortiSandbox but unable to be uploaded as our daily limit (free version) was reached.

     

    Rather a shame that the reason isn't logged in the System Event log as FortiCloud sandbox daily limit reached" or similar. Could have saved me some time at least.

     

    ReseauSL
    ReseauSL
    New Member
    July 22, 2016

    Thanks, you just saved me some frustrating debugging.

    Terms & ConditionsAccessibility statement