|
FortiGate fails to send logs to the FortiGate Cloud Log Server, and the following errors appear in the fgtlogd debug output:
diagnose debug application fgtlogd -1
diagnose debug enable
2024-06-14 11:02:27 <15003> _enqueue_lz4()-684: Failed to allocate memory for log queue.
2024-06-14 11:02:27 <15003> _enqueue_lz4()-684: Failed to allocate memory for log queue.
2024-06-14 11:02:27 <15003> _enqueue_lz4()-684: Failed to allocate memory for log queue.
2024-06-14 11:02:27 <15003> _enqueue_lz4()-684: Failed to allocate memory for log queue.
2024-06-14 11:02:27 <15003> _enqueue_lz4()-684: Failed to allocate memory for log queue.
Additionally, FDS counters are not increasing despite running the diag log test command multiple times.
Before running the 'diagnose log test':
diagnose test application fgtlogd 4
Queues in all miglogds: cur:8651 total-so-far:12223382
global log dev statistics:
faz=0, faz_cloud=0, fds_log=433622518
fds: sent=254424574, failed=0, cached=0, dropped=7186529
Num of REST URLs: 0
After running the 'diagnose log test':
diagnose test application fgtlogd 4
Queues in all miglogds: cur:8651 total-so-far:12223382
global log dev statistics:
faz=0, faz_cloud=0, fds_log=433693241
fds: sent=254424574, failed=0, cached=0, dropped=7186529
Num of REST URLs: 0
Logs are queued in the Confirm Queue for FortiCloud but are not being sent:
diagnose test app fgtlogd 30
2024-11-27 14:26:26 VDOM:root
2024-11-27 14:26:26 Memory queue for: fds
2024-11-27 14:26:26 queue:
num:0 size:0(0MB) total size:52428780(49MB) max:52428800(50MB)
2024-11-27 14:26:26 'total log count':0, 'total data len':0
2024-11-27 14:26:26 Confirm queue for: fds
2024-11-27 14:26:26 queue:
num:11894 size:52428780(49MB) total size:52428780(49MB) max:52428800(50MB) <-----
2024-11-27 14:26:26 type:3, 2024-11-27 14:26:26 cat=0, log_count=41, seq_no=7773051, 2024-11-27 14:26:26 data len=7659 size:7743
This issue has been resolved in FortiOS versions:
- v7.2.11(scheduled to be released in February; 2025).
- v7.4.7 (available to download from the Fortinet support portal).
- 7.4.8 (scheduled to be released in April; 2025).
- 7.6.1 (available to download from the Fortinet support portal).
These timelines for firmware release are estimates and may be subject to change.
Refer to this KB article below for instructions on downloading the firmware from the Fortinet Support portal: Technical Tip: How to manually download Firmware of FortiGate and how to upload it on FortiGate
Workaround:
Restarting fgtlogd process may resolve the issue temporarily:
fnsysctl killall fgtlogd
General debug information required by FortiGate TAC for investigation:
- Debugs:
diagnose debug application fgtlogd -1
diagnose debug console timestamp enable
diagnose debug enable
<wait for a 2-3 minutes>
diagnose test application fgtlogd 3
diagnose test application fgtlogd 4
diagnose test application fgtlogd 30
diagnose test application fgtlogd 41
diagnose test application fgtlogd 20
- Restart fgtlogd and Collect Further Debugs:
fnsysctl killall fgtlogd
Run the following command until it shows '_enqueue_lz4()-684: Failed to allocate memory for log queue.', and capture additional outputs:
diagnose sniffer migsock filter name=fds
diagnose sniffer migsock start
<collect the output for at least 10 minutes>
diagnose debug reset
- TAC Report:
execute tac report
- Configuration file of the FortiGate.
|
