FortiGate
nradia_FTNT
Staff
Article Id 378881
Description

This article describes how to handle an issue where the device stopped sending logs.

Scope

FortiGate v6.x, v7.x.

Solution

The following error is seen on the FortiCloud portal:

 

[Image: Logging Error.png]

[Image: Logging Error 2.png]

 

  • Check that a license for SOC as a Service (SOCaaS) is present.
  • If the device is in High Availability (HA), check that the license is present on both units in HA.
  • Check whether any crashes in the crashlog (diagnose debug crashlog read), conserve mode events, or HA failovers are associated with the issue.
  • SOCaaS relies on FortiAnalyzer for log forwarding rather than receiving logs directly from FortiGate. Make sure connectivity between FortiGate and FortiAnalyzer is stable and that logs are being sent from FortiGate to FortiAnalyzer.
  • Check if there is any matching log in memory or in FortiAnalyzer Cloud, if it is in use. It may show something like: Log Description: 'FortiAnalyzer ... logs may show that from <date> <time> the connection to FortiAnalyzer Cloud was down. It recovered spontaneously'. That may indicate a temporary network connection issue.
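The last check can be scripted against exported event logs. The following is an added example, not Fortinet code: it pairs FortiAnalyzer connection down/up events into outage windows so they can be compared with the time logs stopped arriving. The sample lines and the logdesc strings are constructed assumptions; match them to what the device actually emits.

```python
import re
from datetime import datetime

# Constructed sample event-log lines in FortiGate key=value style. The logdesc
# and msg wording is an assumption, not copied from a real device.
SAMPLE = '''\
date=2025-02-10 time=03:12:41 type="event" subtype="system" level="warning" logdesc="FortiAnalyzer connection down" msg="connection to FortiAnalyzer Cloud is down"
date=2025-02-10 time=03:19:05 type="event" subtype="system" level="notice" logdesc="FortiAnalyzer connection up" msg="connection to FortiAnalyzer Cloud is up"
date=2025-02-10 time=09:00:00 type="event" subtype="system" level="notice" logdesc="Admin login successful" msg="admin logged in"
date=2025-02-11 time=22:40:10 type="event" subtype="system" level="warning" logdesc="FortiAnalyzer connection down" msg="connection to FortiAnalyzer Cloud is down"
'''

# key=value pairs where the value is either a quoted string or a bare token
KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
DOWN = "FortiAnalyzer connection down"   # assumed logdesc text
UP = "FortiAnalyzer connection up"       # assumed logdesc text

def parse_line(line):
    """Split one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def outage_windows(text, down=DOWN, up=UP):
    """Return [(start, end_or_None, seconds_or_None)] for each down period."""
    windows, start = [], None
    for line in text.splitlines():
        rec = parse_line(line)
        if "date" not in rec or "time" not in rec:
            continue                      # skip lines without a timestamp
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        desc = rec.get("logdesc", "")
        if desc == down and start is None:
            start = ts                    # first "down" opens a window
        elif desc == up and start is not None:
            windows.append((start, ts, int((ts - start).total_seconds())))
            start = None
    if start is not None:                 # no matching "up": outage still open
        windows.append((start, None, None))
    return windows

if __name__ == "__main__":
    for s, e, secs in outage_windows(SAMPLE):
        print(s, "->", e or "still down", f"({secs}s)" if secs is not None else "")
```

A short, closed window matches the temporary network issue described above; a window with no recovery event points back to the connectivity and license checks.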

 

Related documents: 

Sending logs to SOCaaS
Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity