FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
krangaraj_FTNT
Article Id 193954
Description
This article relates to the situation where the VPN report shows blank when ran on a FortiAnalyzer. Also, the datasets do not return any log data even when running the datasets related to the VPN chart.

The reason for this is a design change on FortiAnalyzer datasets.  FortiAnalyzer uses VPN logs with action='tunnel-stats' and most of the VPN related datasets use this field to get bandwidth and duration data. If the raw VPN logs being forwarded by the FortiGate devices do not contain the field action='tunnel-stats', then no data will be returned in reports/datasets.

Scope
Firmware v5.0.8 and above, and v5.2.0.

Solution
The FortiGate should send the 'tunnel-stats' log to FortiAnalyzer. To achieve this it is important to make sure that the FortiGate has the following config set:

config system settings
set vpn-stats-log ipsec ssl
set vpn-stats-period 300
end

Note: After applying the above change, allow adequate time for the logs to be collected by the FortiAnalyzer before running the report.

Contributors