| Description | This article describes when only local traffic is not showing in FortiCloud. |
| Scope | FortiCloud. |
| Solution |
In some particular cases, it is possible to not see only forward traffic logs in the FortiCloud account.
On checking FortiGate's FortiGuard log and filter setting, all the necessary options are set to enable.
config log fortiguard setting set status enable set ssl-min-proto-version default set source-ip 0.0.0.0 set interface-select-method auto set upload-option 5-minute set priority default set max-log-rate 0 set enc-algorithm high set conn-timeout 10 end
config log setting set log-invalid-packet disable set local-in-allow enable set local-out enable end
config log fortiguard filter set severity information set local-traffic enable end
However, still local-traffic will not shown in FortiCloud.
The root cause of the issue is FortiCloud log upload option is set to 5 minutes so only logs saved locally by the FortiGate will be forwarded to the cloud and in the local log location setting local-traffic is disabled.
config log memory filter set local-traffic disable end
It is necessary to make sure the local-traffic option is enabled in the local log location memory/disk.
config log memory filter set severity information set local-traffic enable end
By design, FortiGate cloud shows only 'subtype=forward' traffic logs in the logview. If trying to view 'Local' traffic logs, now it is possible to switch FortiCloud to 'New Layout' like the below screenshot.
|
