FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vkoodakandi
Staff
Staff
Article Id 195404
Description
This article describes the first workaround steps in case of unable to retrieve the Forward traffic logs or Event logs from the FortiCloud.
However, memory/disk logs can be fetched and displayed from GUI.


Solution
Check internet connectivity and confirm it resolves hostname 'logctrl1.fortinet.com'.
# execute ping logctrl1.fortinet.com
PING logctrl1.fortinet.com (208.91.113.103)
Validate FortiCloud log state.
Check the server status is 'UP'.

# diagnose test application miglogd 20
Home log server:
    Address: 208.91.113.194:514, st: up
    oftp status: established
    spos: 521, slen: 521
    rpos: 24, rlen: 24
Alternative log server:
    Address: 208.91.113.101:514, st: unknown
    oftp connection haven't been established
Active log server:  HOME
 Number of log task:     0
Number of task in list: 0
Debug zone info:
    Server IP:      208.91.113.194
    Server port:    514
    Server status:  up
    Log quota:      102400MB
    Log used:       394MB
    Daily volume:   20480MB
    FDS arch pause: 0
    fams archive pause: 0
stats: total=610774, acked=610774, discard=0, rejected=0
Problem cause is because of connection timeout with the TCP connection during when logs are retrieved from FortiCloud.
The same can be checked with the sniffers collected on FortiGate when we refresh the Traffic/Event log display page from GUI.

Problem solution is with increase in the connection time-out under FortiGuard settings:
# config log fortiguard setting
(setting) # show full-configuration

config log fortiguard setting
    set status enable
    set upload-option realtime                                                                                
    set enc-algorithm high
    set source-ip 0.0.0.0
    set conn-timeout 60    <----- (Range is from 1 to 3600 in sec.
end
Increasing the timeout will keep the TCP connection towards the FortiCloud stable.
This will ensure that the logs from the FortiCloud are collected and displayed properly.


Related Articles

Troubleshooting Tip: FortiCloud connection failure

Contributors