FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
This article indicates FortiAnalyzer HA configurations that will not synchronize.
Scope
FortiAnalyzer.
Solution
Configuration synchronization in a FortiAnalyzer (HA) cluster provides both redundancy and load balancing across all units. The following components are synchronized across the cluster:
Device Manager.
Incidents & Events.
Reports.
Most system settings.
However, the following configurations are excluded from synchronization between HA units:
HA settings.
Network configurations.
Local certificates.
Device event logs.
If the HA pair is stuck in the 'config-sync: negotiating' state, review and adjust the configuration settings on both units to resolve the issue.
Error message:
msg="HA config-sync: negotiating with primary" desc="HA sync info" operation="HA negotiation" performed_on="primary" changes="HA config-sync: negotiating with primary" tz="-0400" devid="FAZ81GT22400XXXX" devname="FAZ81GT22400XXXX"
Steps for troubleshooting:
Check HA-related configurations.
Check if the local certificate has been used.
If yes, upload the local certificate on both units.
Debug commands that can be used to run on both Primary and Secondary:
