Description
This article explains the possible reason why the 'Local Logs' tab under Log & Report -> Log Settings and the Local tab under Log & Report -> Reports are not available on FortiOS 7.2.4.
Note: Local reports are only available on FortiGates that have local disk storage.
Scope
FortiGate 7.2.4+.
Solution
The possible reason is due to misconfiguration or incomplete security fabric setup on the FortiGate during or before the upgrade.
A minimum of a FortiAnalyzer and two or more FortiGates are required to participate in the Security Fabric.
This feature should be disabled if the minimum requirements are not met.
If the security fabric setup is incomplete, the 'Local' tab will be missing under Report Section and the 'Local log' tab will be missing under Log Settings.
Steps:
- An incomplete security fabric setup could be configured during or before upgrading to FortiOS 7.2.4.
In this environment, a non-existent security fabric is joined with an unknown upstream FortiGate IP of 1.1.1.1. From Fabric Connector -> Security Fabric Setup. Fabric status is now in 'Connecting' status.
-
When the issue happens, the 'Local Logs' tab is missing from Log & Report ->Log Settings, hence it is not possible to make any changes to local logs settings.
-
In addition, it is also possible to observe that 'Local' is missing from the Log & Report -> Reports section, therefore local reports are not able to be seen or generated.
-
With no existing fabric configured in this environment, the Security Fabric setup must be disabled and the Security Fabric role must be in standalone mode to resolve this issue.
It is possible to disable the Security Fabric setup by setting the role as 'Standalone' under Security Fabric -> Fabric Connector -> Security Fabric Setup -> Edit.
-
Once the changes are applied to the Security Fabric setup, 'Local logs' and 'Local' reports tabs will reappear under Log & Report -> Log Settings and Log & Report -> Reports.
