FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
ebilcari
Staff
Article Id 303904
Description

 

This article describes how to use events and audit logs when a new issue arises on an existing setup that was previously working normally. It also applies to an intermittent issue that appears only at a specific time.

 

Scope

 

FortiNAC.

 

Solution

 

Events and Alarms:

The events can be filtered to the required time period, covering only the time when the issue happened. The results can also be exported in different file formats; the CSV format could be the best fit in case the export needs to be uploaded to the TAC support ticket:

 

dates-event.PNG

 

This helps when searching the large log files (e.g. output.master or output.nessus) for specific keywords and the correct timestamp when the issue actually happened. Generating a log snapshot of FortiNAC as soon as the issue happens increases the chances that the log files will cover the same time window as the incident present in the event logs. Depending on network activity or the debugs enabled, the log files can fill up quickly and may cover only a short period of time.

 

The example below shows a correlation between the information shown in the GUI and the same event as recorded in the master log file. The information shown in the GUI is stored separately in the database.

 

FGT-events.png

 

The logs in output.master show a more extended view of these events; when specific debugs are enabled, more information will be available.

 

yams.TelnetServer INFO :: 2024-03-08 10:48:22:239 :: #441 :: Warning: failed to create an SSH2 session for FGT-61E at 192.168.255.0

-

org.apache.http.conn.ConnectTimeoutException: Connect to 192.168.255.0:443 [/192.168.255.0] failed: connect timed out
yams SEVERE :: 2024-03-08 10:49:24:761 :: #332 :: at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:151)
yams SEVERE :: 2024-03-08 10:49:24:761 :: #332 :: at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
yams SEVERE :: 2024-03-08 10:49:24:761 :: #332 :: at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)

-

yams INFO :: 2024-03-08 10:49:34:768 :: #332 :: CommonMib getArpCacheSNMP error: 2 0 reading 1.3.6.1.2.1.4.22.1.2 from device 192.168.255.0

-

yams.TelnetServer INFO :: 2024-03-08 10:50:41:776 :: #332 :: Warning: failed to create an SSH2 session for FGT-61E at 192.168.255.0
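
The correlation described above, as an added Python example that is not part of the original article or of FortiNAC itself: it narrows an exported log file to a window around the event time read from the GUI and keeps the entries that mention a keyword. The line layout is assumed from the excerpt above; the function name, the 120-second margin and the two constructed sample lines are assumptions.

```python
import re
from datetime import datetime, timedelta

# Layout seen in the excerpt above:
#   <logger> <LEVEL> :: <YYYY-MM-DD HH:MM:SS:mmm> :: #<thread> :: <message>
LINE_RE = re.compile(
    r"^(?P<logger>\S+) (?P<level>[A-Z]+) :: "
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3}) :: "
    r"#(?P<thread>\d+) :: (?P<msg>.*)$"
)


def entries_near(lines, event_time, keyword, margin_s=120):
    """Return entries within margin_s seconds of event_time that mention keyword.

    A line without the timestamp header (such as exception text) is attached
    to the entry before it, so a keyword hit there keeps its timestamp.
    """
    centre = datetime.strptime(event_time, "%Y-%m-%d %H:%M:%S")
    lo = centre - timedelta(seconds=margin_s)
    hi = centre + timedelta(seconds=margin_s)
    entries = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S:%f")
            entries.append({"ts": ts, "level": m["level"], "text": [line]})
        elif entries and line.strip():
            entries[-1]["text"].append(line)
    return [e for e in entries
            if lo <= e["ts"] <= hi and any(keyword in t for t in e["text"])]


# Sample input: lines 1 and 3 are constructed for this example (an entry
# outside the window and a header for the exception text); the other lines
# are taken from the excerpt above.
SAMPLE = """\
yams INFO :: 2024-03-08 09:15:02:101 :: #210 :: CommonMib getArpCacheSNMP error: 2 0 reading 1.3.6.1.2.1.4.22.1.2 from device 192.168.255.0
yams.TelnetServer INFO :: 2024-03-08 10:48:22:239 :: #441 :: Warning: failed to create an SSH2 session for FGT-61E at 192.168.255.0
yams SEVERE :: 2024-03-08 10:49:24:760 :: #332 :: request failed
org.apache.http.conn.ConnectTimeoutException: Connect to 192.168.255.0:443 [/192.168.255.0] failed: connect timed out
yams SEVERE :: 2024-03-08 10:49:24:761 :: #332 :: at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
yams INFO :: 2024-03-08 10:49:34:768 :: #332 :: CommonMib getArpCacheSNMP error: 2 0 reading 1.3.6.1.2.1.4.22.1.2 from device 192.168.255.0
yams.TelnetServer INFO :: 2024-03-08 10:50:41:776 :: #332 :: Warning: failed to create an SSH2 session for FGT-61E at 192.168.255.0
""".splitlines()

if __name__ == "__main__":
    # Event time as read from the GUI Events view (assumed value for this example).
    for entry in entries_near(SAMPLE, "2024-03-08 10:49:00", "192.168.255.0"):
        print(entry["ts"], entry["level"], "|", " / ".join(entry["text"])[:110])
```

For a real log snapshot, pass an open file handle for output.master in place of SAMPLE; the function iterates over lines either way.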

 

Note

When more information is needed about the event generation process itself, a logger can be enabled:

 

diagnose debug logger set fine yams.ScriptProfile

 

Many events are shown by default, but other events can also be enabled from the Management tab:

 

enable-disable.PNG

 

Audit Logs:

The audit logs focus on changes made to the configuration and cover every change made in the system since the initial deployment:

 

audit logs.PNG

 

These logs are helpful for tracking the changes made on the system. To export the content in case it needs to be uploaded to the TAC support ticket, the Legacy View first needs to be enabled in System -> Feature Visibility:

 

feature visibility.PNG

 

Then, in a view similar to the Event Viewer, the content can be exported:

 

audit-export.png

 

Related article:
Technical Tip: FortiNAC general troubleshooting guide.