FortiSIEM Discussions
JohnCheong
New Contributor II

Analytic: Availability Incidents, "No logs from a device".

"No logs from a device" ranks top in the availability incidents.

[Screenshot: 1.jpg]

But how do I show which device is not sending out the logs?

[Screenshot: 2.jpg]



1 Solution
premchanderr
Staff

Hi @JohnCheong 

You can add a display condition to view the complete raw log, and when you expand the event details you can view the Host IP or Device IP etc. field, which would show the device.

Regards,
Prem Chander R

Samdobreva1988
New Contributor II

It seems like you're dealing with an analytic related to "Availability Incidents" and the message you're encountering is "No logs from a device." This type of message typically indicates that a device, system, or resource that is being monitored for availability is not sending any logs or data to the monitoring system.

Here are some steps you can take to address this issue:

1. **Check Device Connectivity**: Ensure that the device you're monitoring is properly connected to the network and is functional. If the device is offline, not powered on, or experiencing network issues, it might not be sending logs.

2. **Review Device Configuration**: Verify that the device's logging configuration is set up correctly. Make sure that the device is configured to send logs to the appropriate destination, which could be a log server, SIEM (Security Information and Event Management) system, or any other monitoring tool you're using.

3. **Check Log Sending Mechanism**: Depending on the device and monitoring solution you're using, logs might be sent via protocols like syslog, SNMP traps, or custom APIs. Confirm that the logs are being sent using the correct protocol and that the destination information (IP address, port, etc.) is accurate.

4. **Firewall and Network Settings**: Check if there are any firewall rules or network configurations that might be blocking the logs from reaching the monitoring system. Ensure that the necessary ports and protocols are allowed through the network.

5. **Log Volume and Rate**: If the device generates a high volume of logs, the monitoring system might be overwhelmed, causing logs to be dropped. Review the capacity and resource limits of your monitoring solution.

6. **Device Software/Firmware Update**: Outdated device software or firmware might cause issues with log transmission. Make sure the device is running the latest software/firmware updates.

7. **Monitoring System Configuration**: Double-check the configuration on your monitoring system to make sure it's set up to receive logs from the specific device. Ensure that the device is associated with the correct monitoring profile.

8. **Debugging and Logging on Device**: Check the logs and debugging information on the device itself. It might provide insights into why logs are not being sent. Look for any error messages or warnings related to log transmission.

9. **Check Monitoring Solution**: If you're using a monitoring tool or platform, review its logs and status. There might be issues on the monitoring side that prevent it from receiving logs.

10. **Contact Support**: If you're unable to identify the issue or resolve it on your own, consider reaching out to the technical support of your monitoring solution, as well as the support for the device you're monitoring.

Remember that troubleshooting availability incidents often involves a combination of checking both the device being monitored and the monitoring solution itself. The exact steps can vary based on the specific tools and devices you're using.

Sam Dobreva
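The thread's question is which device a "No logs from a device" incident refers to, and the accepted answer points at the Host IP / Device IP field of the raw event. The script below is an added example written for this page; it is not FortiSIEM code and does not use the FortiSIEM API. It reconstructs the logic of that availability analytic in plain Python over a handful of constructed syslog-style lines: record the last time each reporting IP was seen, compare against a hypothetical device inventory (`INVENTORY`, standing in for the CMDB), and list devices whose gap exceeds a threshold. It also covers two cases a display condition on the raw log cannot show: a device that has never sent a single event (there is no raw log to expand), and a device that is sending logs but is not in the inventory at all. The line format, inventory, sample lines and function names are all assumptions made for the example.

```python
"""Silent-device check: an added example, not FortiSIEM's own code.

Assumed line format (constructed for this example):
    "<ISO-8601 UTC timestamp> <reporting device IP> <message>"
In a real collector the reporting IP comes from the syslog packet source,
which is the Host IP / Device IP field the accepted answer refers to.
"""
import ipaddress
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample log lines (not real events).
SAMPLE_LOGS = """\
2024-05-01T10:00:05Z 10.0.0.1 %ASA-6-302013: Built outbound TCP connection
2024-05-01T10:00:07Z 10.0.0.2 sshd[2201]: Accepted publickey for admin
2024-05-01T10:20:00Z 10.0.0.1 %ASA-6-302014: Teardown TCP connection
2024-05-01T10:41:30Z 10.0.0.3 kernel: eth0: link up
2024-05-01T10:45:00Z 10.0.0.9 cron[12]: (root) CMD (/usr/local/bin/backup)
2024-05-01T10:58:12Z 10.0.0.1 %ASA-6-302013: Built outbound TCP connection
2024-05-01T10:59:49Z 10.0.0.3 cron[77]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Hypothetical inventory of devices that are expected to log (stands in for
# the CMDB). 10.0.0.4 is listed but never appears in the sample logs.
INVENTORY = {"10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"}


def parse_ts(ts):
    """Parse the assumed 'Z'-suffixed UTC timestamp into an aware datetime."""
    return datetime.strptime(ts, TS_FORMAT).replace(tzinfo=timezone.utc)


def parse_line(line):
    """Split one line into (timestamp, reporting_ip, message)."""
    ts, ip, msg = line.split(" ", 2)
    return parse_ts(ts), ip, msg


def last_seen(log_text):
    """Return {reporting_ip: most recent event timestamp} over all lines."""
    seen = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, _ = parse_line(line)
        if ip not in seen or ts > seen[ip]:
            seen[ip] = ts
    return seen


def silent_devices(seen, inventory, now, threshold):
    """List (ip, minutes_silent) for inventory devices past the threshold.

    minutes_silent is None for a device that has never logged at all; that
    device has no raw event to expand, so the inventory is the only place
    it can be found.
    """
    report = []
    for ip in sorted(inventory, key=ipaddress.ip_address):
        last = seen.get(ip)
        if last is None:
            report.append((ip, None))
        elif now - last > threshold:
            report.append((ip, int((now - last).total_seconds() // 60)))
    return report


def unknown_senders(seen, inventory):
    """Reporting IPs that are logging but are not in the inventory."""
    return set(seen) - set(inventory)


def run_check(log_text, inventory, now_iso, threshold_minutes):
    """Convenience wrapper: returns (silent_report, unknown_sender_set)."""
    now = parse_ts(now_iso)
    seen = last_seen(log_text)
    return (
        silent_devices(seen, inventory, now, timedelta(minutes=threshold_minutes)),
        unknown_senders(seen, inventory),
    )


if __name__ == "__main__":
    # Evaluate the constructed sample as of 11:00 UTC with a 30-minute threshold.
    silent, unknown = run_check(SAMPLE_LOGS, INVENTORY, "2024-05-01T11:00:00Z", 30)
    for ip, gap in silent:
        state = "never logged" if gap is None else f"silent for {gap} min"
        print(f"{ip}: {state}")
    for ip in sorted(unknown, key=ipaddress.ip_address):
        print(f"{ip}: sending logs but not in inventory")
```

With the sample data and a 30-minute threshold this reports 10.0.0.2 as silent for 59 minutes, 10.0.0.4 as never having logged, and 10.0.0.9 as an unexpected sender. The threshold is the knob that decides between a noisy device that is merely quiet and one that has actually stopped; a device that legitimately logs rarely (a backup host, a cron-only box) needs a longer threshold or its own inventory group, which is why the inventory is passed in explicitly rather than derived from the logs.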