Customer Service
Customer Service Information and Announcements
vprabhu_FTNT
Staff
Staff
Article Id 224332
Description This article describes when there are issues with FortiGate logs GUI display from FortiAnalyzer and no logs are visible.
Scope FortiGate side troubleshooting.
Solution

This can be checked and addressed as per below:

 

  1. Check whether logs show in FortiAnalyzer to ensure logs are there.
    (If logs intermittently do not show and the same behavior is visible on FortiAnalyzer too, the disk usage limit on FortiAnalyzer may have been reached, which causes FortiAnalyzer to delete old logs to free up space.)
  2. If FortiAnalyzer logs are visible but are not downloading on the FortiGate, run the following command:

 

execute log fortianalyzer test-connectivity

 

  • If passing and there issome issue on FortiGate, run the below commands on FortiGate:


get log fortianalyzer setting

 

  • Check the conn-timeout setting as this will impact on the logs from FortiAnalyzer. Increase the conn-timeout setting.

 

  • Also, check the miglogd process debugs: 'diag deb app miglogd 255'.

However, note, this can be resource intensive based on amount of logs.

 

It is possible to set the duration to be lower like 1 minute - 'diag debug duration 1' and then enable its debugs.

 

To collect debug information of FortiAnalyzer enabled logs:


diagnose debug application miglogd 0x100

 

It shows an output as below:


Fortigate# diagnose debug application miglogd 0x100
<226> _send_queue_item()-488: type=11, cat=0, logcount=0, len=0
<226> __on_pkt_recv()-1376: dev=global-faz type=11 pkt_len=21

<226> __on_pkt_recv()-1376: opt=52, opt_len=9
ewall policy <146> _send_queue_item()-488: type=11, cat=0, logcount=0, len=0
<146> __on_pkt_recv()-1376: dev=global-faz type=11 pkt_len=21

<146> __on_pkt_recv()-1376: opt=52, opt_len=9
<226> _send_queue_item()-488: type=3, cat=1, logcount=1, len=284
<226> _send_queue_item()-488: type=11, cat=0, logcount=0, len=0
<226> __on_pkt_recv()-1376: dev=global-faz type=11 pkt_len=21

 

  • It is possible to increase the miglogd-children process.

First determine the number of miglogd process as per command:


diag sys process pidof miglogd <----- Output as per below.
182
242


This will display the process ID pid of the miglogd process.

1 Main and 1 child process. For efficiency of logs, the child process can be increased as per below:

 

get sys performance status <----- Ensure enough memory is free.
config system global
get | grep miglogd
    set miglogd-children 2
get sys performance status <----- Check the resource status again.

 

  • Other checks of miglogd process can be done as per the command 'diag test app miglogd' and it displays the whole list of optional checks.


If point 2 fails, refer to the below KB article:
Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity

 

Other useful document:

Log-related diagnose commands

 

Related article:

Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity