FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
cmaheu
Staff
Article Id 406695
Description This article describes the troubleshooting steps to use when FortiNAC does not accurately reflect the link state of a switch port using syslog messages to notify a link state change.
Scope vF 7.2, vF 7.4, vF 7.6.
Solution
  1. Confirm FortiNAC supports link state syslog messaging for the device.
  2. Verify link state Syslog messages are configured properly on the device.
  • Syslog messages must be sent to the FortiNAC port1 IP address
  • Syslog messages must be sourced by the IP address used to model the switch in Inventory
  3. In the FortiNAC CLI, use tcpdump to confirm Syslog messages are reaching the appliance when the device connects or disconnects.

CentOS:

tcpdump -nni eth0 host <Device IP modeled in Inventory> and port 514

FortiNAC-OS:

execute tcpdump -i port1 host <Device IP modeled in Inventory> and port 514

  4. If Syslog is reaching the appliance, enable debugs.

CentOS:

nacdebug -name SyslogServer true
nacdebug -name BridgeManager true

FortiNAC-OS:

diagnose debug plugin enable SyslogServer
diagnose debug plugin enable BridgeManager

  5. Start tailing the logs and look for syslog activity while connecting and disconnecting the device.

CentOS:

tf /bsc/logs/output.master

FortiNAC-OS:

diagnose tail -F output.master

  6. Type Ctrl-C to stop the tail process.


If further diagnosis is required, see Technical Tip: Gather logs for debugging and troubleshooting to gather the logs and submit them to Technical Support. 
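The two requirements in step 2 can be checked against saved tcpdump output, as in this added example (not part of the original article or of FortiNAC). It assumes a capture filtered on port 514 only, so that packets from unexpected source addresses are visible; the function name, IP addresses and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# tcpdump -nn prints: "<time> IP <src>.<sport> > <dst>.<dport>: <payload summary>"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def check_syslog_capture(lines, modeled_ip, port1_ip, syslog_port=514):
    """Classify captured packets against the two requirements in step 2."""
    result = {"ok": 0, "wrong_source": Counter(),
              "wrong_destination": Counter(), "unparsed": 0}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            result["unparsed"] += 1          # e.g. tcpdump's summary line
            continue
        if int(m["dport"]) != syslog_port:
            continue                          # not syslog sent to a collector
        if m["dst"] != port1_ip:
            result["wrong_destination"][m["dst"]] += 1
        elif m["src"] != modeled_ip:
            # Switch is sourcing syslog from an address other than the one
            # used to model it in Inventory.
            result["wrong_source"][m["src"]] += 1
        else:
            result["ok"] += 1
    return result

# Constructed sample: one packet from the modeled IP, two from another
# address on the same switch, plus tcpdump's trailer line.
SAMPLE = """\
10:15:01.120034 IP 192.0.2.10.51432 > 192.0.2.50.514: SYSLOG local7.notice, length: 98
10:15:03.481120 IP 198.51.100.7.51432 > 192.0.2.50.514: SYSLOG local7.notice, length: 97
10:15:09.002211 IP 198.51.100.7.51432 > 192.0.2.50.514: SYSLOG local7.notice, length: 98
3 packets captured
"""

if __name__ == "__main__":
    report = check_syslog_capture(SAMPLE.splitlines(), "192.0.2.10", "192.0.2.50")
    print(report)
```

A non-empty `wrong_source` counter means the switch is sending syslog from an address other than the one used to model it in Inventory.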
