FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
aalrefai
Staff
Article Id 365451
Description

 

This article describes an issue where, after upgrading FortiAnalyzer to v7.4.4 or later, logs disappear from Log View while log forwarding continues to work and FortiAnalyzer ingests logs normally.

 

Scope

 

FortiAnalyzer v7.4.4 and later.

 

Solution

 

Log View keeps loading and fails to show the logs. Instead, it shows a "verification failed" error.

 

  • v7.4.4 introduced a new setting. When set, it is used instead of the client's Host header for any redirection:

 

config system global
    set admin-host <value>
end

 


 

  • If admin-host is set to a value, that value replaces the IP in the URL request. FortiAnalyzer validates a URL request by checking the IP in the request against the host IP. In this case, however, the hostname value is the admin-host value instead of FortiAnalyzer's host IP.

 

  • The IP in the request does not match the admin-host value, which is why verification fails.

 

  • As a workaround: 

   

config system global
    unset admin-host
end

 
