FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vpoluri
Staff
Staff

Description


This article provides basic troubleshooting when the logs are not displayed in FortiView

Useful links:
Logging FortiGate traffic
Logging FortiGate traffic and using FortiView


Solution

 

Log traffic must be enabled in firewall policies:
#config firewall policy
#    edit <Policy_id>
#        set logtraffic all/utm
#end
 
Check the log settings and select from the following:
#config log setting
#set  
resolve-ip                Add resolved domain name into traffic log if possible.
resolve-port              Add resolved service name into traffic log if possible.
log-user-in-upper         Enable/disable collect log with user-in-upper.
fwpolicy-implicit-log     Enable/disable collect firewall implicit policy log.
fwpolicy6-implicit-log    Enable/disable collect firewall implicit policy6 log.
log-invalid-packet        Enable/disable collect invalid packet traffic log.
local-in-allow            Enable/disable collect local-in-allow log.
local-in-deny-unicast     Enable/disable collect local-in-deny-unicast log.
local-in-deny-broadcast   Enable/disable collect local-in-deny-broadcast log.
local-out                 Enable/disable collect local-out log.
daemon-log                Enable/disable collect daemon log.
neighbor-event            Enable/disable collect neighbor event log.
brief-traffic-format      Enable/disable use of brief format for traffic log.
user-anonymize            Enable/disable anonymize log user name.
expolicy-implicit-log     Enable/disable collect explicit proxy firewall implicit policy log.
log-policy-comment        Enable/disable insertion of policy comment in to traffic log.
#end
 
Example:
#set resolve-ip enable
 
Configure where the logs will be sent:
#config log memory/disk/fortianalyzer/syslog setting
#    set status enable
#end
 
Select the source of the log information in FortiView:
#config log gui-display
#set location 
memory           Display memory log.
disk             Display disk log.
fortianalyzer    Display FortiAnalyzer log.
forticloud       Display FortiCloud log.
#end
 
Check that the severity is set to information, to view ALL the logs from the lowest severity level:
#config log memory/disk/fortianalyzer/syslog filter
#set severity information
#set
forward-traffic     : enable
local-traffic       : enable
multicast-traffic   : enable
sniffer-traffic     : enable
anomaly             : enable
voip                : enable
dns                 : enable
filter              :
filter-type         : include
 
Execute the following to restart the miglogd process:
 
#diag sys top 2 50
 
Wait some seconds to verify the PID of  miglog, in this example is "55"
 
         newcli      2151      R       1.4     1.0
         sshd        2149      S       0.4     0.7
         httpsd       147      S       0.0     1.6
         pyfcgid     2147      S       0.0     1.5
         miglogd       55      S       0.0     1.4
 
NOTE: Since 6.2 you will be able to find the process ID via:
 
# diag sys process pidof miglog
 
#diag sys kill 11 <PID>       -->     #diag sys kill 11 55
 
As an alternative you can as well use the following command to restart all miglogd processes at once:
fnsysctl killall miglogd
 
Run a log test:
 
#diag log test
 
To view the logs in FortiView from the FortiGate GUI either:
-Log off & and log on again
-Refresh the page
 
The logs will be shown under Log & Report

 

Related Articles

Technical Note : Logs not displayed because of corrupted flash memory