This article describes how to review FortiSwitch logs on FortiAnalyzer.
FortiAnalyzer 7.4.2 and above.
Prerequisite:
FortiGate 7.4.2 and above.
FortiSwitch connected to the FortiGate through FortiLink.
On the FortiGate side, enable FortiSwitch logs in the FortiAnalyzer log filter:
config log fortianalyzer filter
    set severity information
    set forti-switch enable <----
end
On FortiAnalyzer, the FortiSwitch logs can be found under LogView -> FortiGate -> Event -> Switch Controller.
Example log:
date=2023-12-19 time=09:42:49 eventtime=1703007768578137210 tz="-0800" logid="2300056001" type="fsw" subtype="fsw-flow" level="information" vd="vdom1" switchid="S224DF3xxx" ftlkintf="fortilink" srcip=198.162.199.186 dstip=2.2.2.2 proto=6 rcvdpkt=30 rcvdbyte=40201 duration=33
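The key=value layout of the example log above can be parsed mechanically when exported FortiSwitch flow logs need to be reviewed outside the GUI. The following Python is an added example, not part of the original article or any Fortinet tooling; the function names, the constructed OTHER line, and the reading of eventtime as epoch nanoseconds in UTC are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Example log line copied from the article.
SAMPLE = ('date=2023-12-19 time=09:42:49 eventtime=1703007768578137210 tz="-0800" '
          'logid="2300056001" type="fsw" subtype="fsw-flow" level="information" '
          'vd="vdom1" switchid="S224DF3xxx" ftlkintf="fortilink" '
          'srcip=198.162.199.186 dstip=2.2.2.2 proto=6 rcvdpkt=30 rcvdbyte=40201 duration=33')
# Constructed non-FortiSwitch line (not from the article), used to show filtering.
OTHER = 'date=2023-12-19 time=09:43:00 type="event" subtype="system" level="information" vd="vdom1"'

# key=value pairs; a value is either double-quoted or a bare token.
PAIR = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S*))')
INT_FIELDS = ("proto", "rcvdpkt", "rcvdbyte", "duration")

def parse_line(line):
    """Parse one key=value log line into a dict, typing the numeric counters."""
    rec = {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}
    for field in INT_FIELDS:
        if rec.get(field, "").isdigit():
            rec[field] = int(rec[field])
    if rec.get("eventtime", "").isdigit():
        # Assumption: the 19-digit eventtime is epoch nanoseconds in UTC.
        secs = int(rec["eventtime"]) // 10**9
        rec["eventtime_utc"] = datetime.fromtimestamp(secs, tz=timezone.utc)
    return rec

def is_fsw_flow(rec):
    """True only for FortiSwitch flow records (type fsw, subtype fsw-flow)."""
    return rec.get("type") == "fsw" and rec.get("subtype") == "fsw-flow"

def bytes_by_flow(lines):
    """Sum rcvdbyte per (switchid, srcip, dstip), ignoring other log types."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if is_fsw_flow(rec) and isinstance(rec.get("rcvdbyte"), int):
            key = (rec.get("switchid"), rec.get("srcip"), rec.get("dstip"))
            totals[key] += rec["rcvdbyte"]
    return dict(totals)

if __name__ == "__main__":
    for flow, total in bytes_by_flow([SAMPLE, OTHER]).items():
        print(flow, total)
```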
Troubleshooting:
Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity
FortiGate:
FGT-A-LOG (vdom1) # execute log filter category 23
FGT-A-LOG (vdom1) # execute log filter dump
category: forti-switch <-----------------------
device: disk
start-line: 1
view-lines: 10
max-checklines: 0
HA member:
log search mode: on-demand
pre-fetch-pages: 2
Oftp search string:
FGT-A-LOG (vdom1) (Interim)# execute log display
1 logs found.
1 logs returned.