FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
vraev
Staff
Article Id 354832
Description

 

This article describes the steps to review the FortiSwitch logs under FortiAnalyzer.

 

Scope

 

FortiAnalyzer 7.4.2 and above.

 

Solution

 

Prerequisite:

FortiGate 7.4.2 and above.
FortiSwitch connected to the FortiGate through the FortiLink.

On the FortiGate side:

config log fortianalyzer filter
    set severity information
    set forti-switch enable    <----
end

On FortiAnalyzer, the FortiSwitch logs can be found under LogView -> FortiGate -> Event -> Switch Controller.



 

Example log:

 

date=2023-12-19 time=09:42:49 eventtime=1703007768578137210 tz="-0800" logid="2300056001" type="fsw" subtype="fsw-flow" level="information" vd="vdom1" switchid="S224DF3xxx" ftlkintf="fortilink" srcip=198.162.199.186 dstip=2.2.2.2 proto=6 rcvdpkt=30 rcvdbyte=40201 duration=33
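
To work with these logs outside the Log View GUI, the key=value format shown above can be parsed and the fsw-flow records summarized per switch and flow. The following is an added example, not part of the original article or any Fortinet tooling; it assumes the logs are available as raw text lines in the format of the example log, and the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# A value is either double-quoted (may contain spaces and '=') or a bare token.
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# Fields that are numeric in the article's fsw-flow sample.
_INT_FIELDS = {"eventtime", "proto", "rcvdpkt", "rcvdbyte", "duration"}

def parse_log(line):
    """Parse one key=value log line into a dict, converting known counters to int."""
    rec = {}
    for key, quoted, bare in _PAIR.findall(line):
        val = bare or quoted  # exactly one of the two groups is non-empty
        if key in _INT_FIELDS and val.isdigit():
            val = int(val)
        rec[key] = val
    return rec

def switch_flow_totals(lines):
    """Sum rcvdbyte per (switchid, srcip, dstip) over type=fsw, subtype=fsw-flow logs."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_log(line)
        if rec.get("type") != "fsw" or rec.get("subtype") != "fsw-flow":
            continue  # not a FortiSwitch flow record
        nbytes = rec.get("rcvdbyte", 0)
        if isinstance(nbytes, int):  # skip records with a malformed counter
            totals[(rec.get("switchid"), rec.get("srcip"), rec.get("dstip"))] += nbytes
    return dict(totals)

SAMPLE = [
    # Line 1 is the article's example log; lines 2 and 3 are constructed for this example.
    'date=2023-12-19 time=09:42:49 eventtime=1703007768578137210 tz="-0800" logid="2300056001" type="fsw" subtype="fsw-flow" level="information" vd="vdom1" switchid="S224DF3xxx" ftlkintf="fortilink" srcip=198.162.199.186 dstip=2.2.2.2 proto=6 rcvdpkt=30 rcvdbyte=40201 duration=33',
    'date=2023-12-19 time=09:43:22 eventtime=1703007802000000000 tz="-0800" logid="2300056001" type="fsw" subtype="fsw-flow" level="information" vd="vdom1" switchid="S224DF3xxx" ftlkintf="fortilink" srcip=198.162.199.186 dstip=2.2.2.2 proto=6 rcvdpkt=2 rcvdbyte=1000 duration=1',
    'date=2023-12-19 time=09:44:00 type="event" subtype="system" level="information" vd="vdom1" msg="constructed non-switch event rcvdbyte=5"',
]

if __name__ == "__main__":
    for (sw, src, dst), total in switch_flow_totals(SAMPLE).items():
        print(f"{sw} {src} -> {dst}: {total} bytes")
```
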


Troubleshooting:

Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity  

 


FortiGate:

FGT-A-LOG (vdom1) # execute log filter category 23
FGT-A-LOG (vdom1) # execute log filter dump
category: forti-switch <-----------------------
device: disk
start-line: 1
view-lines: 10
max-checklines: 0
HA member:
log search mode: on-demand
pre-fetch-pages: 2
Oftp search string:

FGT-A-LOG (vdom1) (Interim)# execute log display
1 logs found.
1 logs returned.
