vprabhu_FTNT
Staff
Article Id 224332
Description This article describes how to troubleshoot the case where FortiGate logs displayed in the GUI from FortiAnalyzer are not visible.
Scope FortiGate side troubleshooting.
Solution

Check and address the issue as follows:

1) Check on FortiAnalyzer that the logs are present there.

 

2) If the logs are visible on FortiAnalyzer but are not downloading on the FortiGate, run the following command:

 

# execute log fortianalyzer test-connectivity

 

- If the test passes and there is still an issue on the FortiGate, run the following command on the FortiGate:


# get log fortianalyzer setting


Check the conn-timeout setting, as it affects the logs from FortiAnalyzer. Increase the conn-timeout value.

 

- Also check the miglogd process debugs: '# diag deb app miglogd 255'.

Note, however, that this can be resource intensive depending on the amount of logs.

The debug duration can be set lower, for example to 1 minute with '# diag debug duration 1', before enabling the debugs.

 

To collect debug information for FortiAnalyzer-enabled logs:


# diagnose debug application miglogd 0x100

 

The output looks like this:


Fortigate# diagnose debug application miglogd 0x100
<226> _send_queue_item()-488: type=11, cat=0, logcount=0, len=0
<226> __on_pkt_recv()-1376: dev=global-faz type=11 pkt_len=21

<226> __on_pkt_recv()-1376: opt=52, opt_len=9
ewall policy <146> _send_queue_item()-488: type=11, cat=0, logcount=0, len=0
<146> __on_pkt_recv()-1376: dev=global-faz type=11 pkt_len=21

<146> __on_pkt_recv()-1376: opt=52, opt_len=9
<226> _send_queue_item()-488: type=3, cat=1, logcount=1, len=284
<226> _send_queue_item()-488: type=11, cat=0, logcount=0, len=0
<226> __on_pkt_recv()-1376: dev=global-faz type=11 pkt_len=21
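
When the debug runs for a minute, it is easier to read as totals than line by line. The following Python sketch is an added example, not part of the original article or of Fortinet tooling: it groups the sample lines above by the number in angle brackets and sums the logcount and len fields of _send_queue_item lines and the __on_pkt_recv packets per dev value. The function names parse_line and summarize are hypothetical, and the field meanings are taken only from the names visible in the output.

```python
import re
from collections import defaultdict

# Constructed sample: the miglogd 0x100 debug lines shown in this article,
# including the line that has stray console text in front of the tag.
SAMPLE = """\
<226> _send_queue_item()-488: type=11, cat=0, logcount=0, len=0
<226> __on_pkt_recv()-1376: dev=global-faz type=11 pkt_len=21
<226> __on_pkt_recv()-1376: opt=52, opt_len=9
ewall policy <146> _send_queue_item()-488: type=11, cat=0, logcount=0, len=0
<146> __on_pkt_recv()-1376: dev=global-faz type=11 pkt_len=21
<146> __on_pkt_recv()-1376: opt=52, opt_len=9
<226> _send_queue_item()-488: type=3, cat=1, logcount=1, len=284
<226> _send_queue_item()-488: type=11, cat=0, logcount=0, len=0
<226> __on_pkt_recv()-1376: dev=global-faz type=11 pkt_len=21
"""

# "<tag> function()-line: key=value, key=value"; search() skips leading console noise.
LINE_RE = re.compile(r"<(\d+)>\s+(\w+)\(\)-\d+:\s*(.*)")
KV_RE = re.compile(r"([\w-]+)=([^\s,]+)")

def parse_line(line):
    """Return (tag, function, fields) for a debug line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group(1), m.group(2), dict(KV_RE.findall(m.group(3)))

def summarize(text):
    """Per tag: queue items sent, summed logcount and len, packets received per dev."""
    stats = defaultdict(lambda: {"sent_items": 0, "logs": 0, "len_total": 0,
                                 "recv": defaultdict(int)})
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        tag, func, fields = parsed
        if func == "_send_queue_item":
            stats[tag]["sent_items"] += 1
            stats[tag]["logs"] += int(fields.get("logcount", 0))
            stats[tag]["len_total"] += int(fields.get("len", 0))
        elif func == "__on_pkt_recv" and "dev" in fields:
            stats[tag]["recv"][fields["dev"]] += 1
    return stats

if __name__ == "__main__":
    for tag, s in sorted(summarize(SAMPLE).items()):
        print(tag, s["sent_items"], s["logs"], s["len_total"], dict(s["recv"]))
```

A capture in which logcount stays at 0 for every tag while traffic is being logged is the case worth taking to the miglogd checks that follow.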

 

- The number of miglogd child processes (miglogd-children) can be increased.

First determine the number of miglogd processes with the following command:


# diag sys process pidof miglogd <----- Output as per below
182
242


This displays the process IDs (PIDs) of the miglogd processes: here, 1 main and 1 child process.

For more efficient log handling, the number of child processes can be increased as follows:

 

# get sys performance status <----- Ensure enough memory is free.
config system global
get | grep miglogd
set miglogd-children 2
end
get sys performance status <----- Check the resource status again.

 

- Other checks of the miglogd process are available through the command '# diag test app miglogd', which displays the whole list of optional checks.


If point 2 fails, refer to the following KB article:
https://community.fortinet.com/t5/FortiAnalyzer/Troubleshooting-Tip-FortiGate-to-FortiAnalyzer-conne...

 

Another useful document:

https://docs.fortinet.com/document/fortigate/7.2.1/administration-guide/668197/log-related-diagnose-...