WinterSnowYap
Article Id 392829
Description This article describes how to troubleshoot a FortiAnalyzer that does not show the expected log entries for a given filter.
Scope FortiAnalyzer.
Solution

At FortiAnalyzer, go to Log View -> FortiGate -> Traffic -> Filter:

  • Time filter = 30 days ago.
  • Device = FGT_A.
  • destination ip = 1.2.3.4.
  • source ip = 10.10.10.10.


However, FortiAnalyzer returns no log entries for this filter.


At FortiAnalyzer, go to Log View -> Log Browse -> Filter:

  • Time filter = 30 days ago
  • Device = FGT_A
  • destination ip = 1.2.3.4
  • source ip = 10.10.10.10

The result lists log files of type (.tlog), which are traffic log files.


For example, if 3 (.tlog) files are listed, select one of them, double-click to open it, and apply the following filter inside the file:

  • destination ip = 1.2.3.4
  • source ip = 10.10.10.10

If none of the 3 (.tlog) files contains matching entries, the FortiGate never sent log entries for (destination ip = 1.2.3.4 & source ip = 10.10.10.10) to FortiAnalyzer in the first place.


Troubleshooting steps:

  1. Generate traffic matching (destination ip = 1.2.3.4 & source ip = 10.10.10.10).
  2. On FGT_A, go to Log & Report -> Forward Traffic, change the log location from FortiAnalyzer to memory/disk, and monitor the real-time traffic logs to confirm whether entries for (destination ip = 1.2.3.4 & source ip = 10.10.10.10) are being generated.

If FGT_A generates no log entries for (destination ip = 1.2.3.4 & source ip = 10.10.10.10), check the firewall policy that this traffic matches and fine-tune it.
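As an added example (not from the article or from Fortinet), the same filter applied offline to raw FortiGate traffic log lines in key=value format, such as logs exported from the FortiGate memory/disk in step 2. The sample lines, the reference time and the device names are constructed for the example; an empty result corresponds to the article's conclusion that the FortiGate never sent the entries.

```python
import re
from datetime import datetime, timedelta

# Constructed sample FortiGate traffic log lines (key=value format); not taken from the article.
SAMPLE_LOGS = """\
date=2025-03-01 time=10:15:02 devname="FGT_A" logid="0000000013" type="traffic" subtype="forward" srcip=10.10.10.10 srcport=51234 dstip=1.2.3.4 dstport=443 action="accept" policyid=7 msg="Traffic Log"
date=2025-03-01 time=10:16:40 devname="FGT_A" logid="0000000013" type="traffic" subtype="forward" srcip=10.10.10.11 srcport=51235 dstip=1.2.3.4 dstport=443 action="accept" policyid=7
date=2025-01-15 time=09:00:00 devname="FGT_A" logid="0000000013" type="traffic" subtype="forward" srcip=10.10.10.10 srcport=40000 dstip=1.2.3.4 dstport=80 action="deny" policyid=0
date=2025-03-02 time=08:00:00 devname="FGT_B" logid="0000000013" type="traffic" subtype="forward" srcip=10.10.10.10 srcport=40001 dstip=1.2.3.4 dstport=80 action="accept" policyid=3
"""

# Fixed reference "now" (constructed) so the 30-day window is reproducible.
REFERENCE_NOW = datetime(2025, 3, 2, 12, 0, 0)
# key=value pairs: the value is either a double-quoted string or a run of non-space characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_line(line):
    """Parse one FortiGate log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields

def filter_traffic(lines, device, srcip, dstip, now=REFERENCE_NOW, days=30):
    """Apply the article's Log View filter (time window, device, srcip, dstip) to raw traffic logs."""
    cutoff = now - timedelta(days=days)
    matches = []
    for line in lines:
        f = parse_line(line)
        if f.get("type") != "traffic":
            continue  # only .tlog-style traffic records are of interest
        try:
            ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            continue  # no usable timestamp: skip the record rather than crash
        if not (cutoff <= ts <= now):
            continue
        if (f.get("devname"), f.get("srcip"), f.get("dstip")) != (device, srcip, dstip):
            continue
        matches.append(f)
    return matches

def diagnose(matches):
    """Turn the filter result into the article's conclusion."""
    if not matches:
        return "no matching traffic logs: FortiGate never sent them, check the firewall policy"
    return f"{len(matches)} matching traffic log(s) found"
```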


On FortiAnalyzer, the fortilogd status can also be checked with the following command:


diag fortilogd status