FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
msuhaimi
Staff
Staff
Description This article describes how to troubleshoot no log received FortiAnalyzer VM.
Scope  
Solution

Section 1.

 

Check firmware compatibility between FortiGate and FortiAnalyzer.

 

Reference.

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/0955b58b-a143-11eb-b70b-005056...

 

Section 2.

 

1) Check FortiAnalyzer log setting on FortiGate.

 

From FortiGate CLI:


# config log fortianalyzer setting
# get
end

 

2) Test for log sending from FortiGate to FortiAnalyzer.

 

From FortiGate CLI:

 

# execute log fortianalyzer test-connectivity

 

3) Get tac report from FortiAnalyzer.

 

# execute tac report

 

Section 3.

 

Analyze all information/logs obtained.

If FortiGate is sending log to FortiAnalyzer successfully, check for any abnormal logs on FortiAnalyzer tac report.

 

If this output on FortiAnalyzer tac report is found/observed, this shows that the FortiAnalyzer is constantly out of memory.

 

<3>[97484.603631] Out of memory: Kill process 21679 (sqllogd) score 93 or sacrifice child
<3>[10818.372025] Out of memory: Kill process 3214 (sqllogd) score 98 or sacrifice child
<3>[10903.445266] Out of memory: Kill process 18473 (sqllogd) score 101 or sacrifice child
<3>[192634.804437] Out of memory: Kill process 31040 (java) score 89 or sacrifice child
<3>[192636.709845] Out of memory: Kill process 31040 (java) score 89 or sacrifice child

 

Suggest to customer to increase memory allocation for FortiAnalyzer.

 

Related document.

Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity