FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Gaetan_
Staff
Staff
Article Id 269598
Description

This article describes how to make CAPWAP logs data part of FortiAnalyzer Analytics (reports, FortiView, etc...).

Scope

FortiAnalyzer.

Solution

By default, when FortiAnalyzer receives logs from FortiGate regarding CAPWAP tunnels, those are not inserted in Analytics. Thus, when generating a report or looking at FortiView graphs (Top Source or Destination, for example), those sessions aren't displayed.

As CAWAP tunnels may consume an important part of the bandwidth (between a WiFi access point and a WiFi controller, for example), it can be useful to add the related logs data into Analytics.

 

The solution is to disable CAPWAP exclusion 'set exclude-capwap disableunder 'config system report setting':

 

FAZ_CAPWAP.jpg
Contributors