FortiGate
vkoodakandi
Staff
Article Id 195404

Description

This article describes the first workaround steps to take when Forward Traffic logs or Event logs cannot be retrieved from FortiCloud, while memory/disk logs can still be fetched and displayed from the GUI.

Scope

FortiGate.

Solution

Check Internet connectivity and confirm that the FortiGate resolves the hostname 'logctrl1.fortinet.com':

execute ping logctrl1.fortinet.com
PING logctrl1.fortinet.com (208.91.113.103)

Validate the FortiCloud log state.

V7.2.3 and below:

diagnose test application miglogd 20

V7.2.4 and above:

diagnose test application fgtlogd 20

Check that the server status shows 'up':

diagnose test application miglogd 20
Home log server:
    Address: 208.91.113.194:514, st: up
    oftp status: established
    spos: 521, slen: 521
    rpos: 24, rlen: 24
Alternative log server:
    Address: 208.91.113.101:514, st: unknown
    oftp connection haven't been established
Active log server:  HOME
 Number of log task:     0
Number of task in list: 0
Debug zone info:
    Server IP:      208.91.113.194
    Server port:    514
    Server status:  up
    Log quota:      102400MB
    Log used:       394MB
    Daily volume:   20480MB
    FDS arch pause: 0
    fams archive pause: 0
stats: total=610774, acked=610774, discard=0, rejected=0
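As an added example (not part of the article and not FortiOS code), a small Python checker that parses the listing above and flags the two things this article asks to verify: whether the active log server is 'up' and whether the stats line shows discarded, rejected or un-acked logs. The sample text is constructed from the article's listing and abridged to the lines the checker reads.

```python
import re

# Constructed sample, abridged from the article's 'diagnose test application
# miglogd 20' listing: only the lines the checker reads are kept.
SAMPLE_OUTPUT = """\
Home log server:
    Address: 208.91.113.194:514, st: up
    oftp status: established
Alternative log server:
    Address: 208.91.113.101:514, st: unknown
    oftp connection haven't been established
Active log server:  HOME
stats: total=610774, acked=610774, discard=0, rejected=0
"""

def parse_log_server_status(output: str) -> dict:
    """Pull the per-server state, the active server and the counters out of the listing."""
    info = {"servers": {}, "active": None, "stats": {}}
    current = None
    for line in output.splitlines():
        if m := re.match(r"^(Home|Alternative) log server:", line):
            current = m.group(1).lower()
            info["servers"][current] = {}
        elif (m := re.match(r"^\s+Address: (\S+), st: (\w+)", line)) and current:
            info["servers"][current] = {"address": m.group(1), "state": m.group(2)}
        elif m := re.match(r"^Active log server:\s+(\w+)", line):
            info["active"] = m.group(1).lower()
        elif m := re.match(r"^stats: (.+)$", line):
            info["stats"] = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", m.group(1))}
    return info

def log_delivery_findings(info: dict) -> list:
    """Return findings worth acting on; an empty list means log delivery looks healthy."""
    findings = []
    active = info["active"]
    state = info["servers"].get(active, {}).get("state")
    if state != "up":
        findings.append(f"active log server '{active}' is not up (state: {state})")
    s = info["stats"]
    if s.get("discard", 0) or s.get("rejected", 0):
        findings.append(f"discard={s.get('discard')} rejected={s.get('rejected')}")
    if s.get("total", 0) != s.get("acked", 0):
        findings.append(f"{s['total'] - s['acked']} logs not yet acked by FortiCloud")
    return findings

if __name__ == "__main__":
    print(log_delivery_findings(parse_log_server_status(SAMPLE_OUTPUT)) or "OK")
```

Feed it the real output of the miglogd/fgtlogd command from each FortiGate to spot a log server that is not 'up' before users notice missing logs in the GUI.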

 

The cause is a timeout of the TCP connection while the logs are being retrieved from FortiCloud. This can be confirmed with a packet capture (sniffer) taken on the FortiGate while refreshing the Traffic/Event log page in the GUI.

The solution is to increase the connection timeout under the FortiGuard log settings:

config log fortiguard setting
(setting) # show full-configuration

config log fortiguard setting
    set status enable
    set upload-option realtime
    set enc-algorithm high
    set source-ip 0.0.0.0
    set conn-timeout 60    <----- Range is from 1 to 3600 seconds.
end

Increasing the timeout keeps the TCP connection towards FortiCloud stable.
This ensures that the logs from FortiCloud are collected and displayed properly.


Related article:

Troubleshooting Tip: FortiCloud connection failure