Help
FortiSIEM Discussions
JohnCheong
New Contributor II

Created on ‎08-03-2023 09:55 PM

Analytic : Availability Incidents "No logs from a device".

"No logs from a device" rank top in the availability 
1.jpg

But, how to show which device not sending out the logs.

2.jpg

 



 

1427
0 Kudos
1 Solution
premchanderr
Staff
Staff

Created on ‎08-03-2023 10:45 PM

Hi @JohnCheong 

You can add a display condition to view complete raw log and when you expand for event details you can view host ip or device ip etc field which would show the device.

Regards,
Prem Chander R

View solution in original post

1416
4 REPLIES 4
premchanderr
Staff
Staff

Created on ‎08-03-2023 10:45 PM

Hi @JohnCheong 

You can add a display condition to view complete raw log and when you expand for event details you can view host ip or device ip etc field which would show the device.

Regards,
Prem Chander R
1417
Samdobreva1988
New Contributor II

Created on ‎08-15-2023 02:06 AM Edited on ‎10-23-2024 11:44 PM

It seems like you're dealing with an analytic related to "Availability Incidents" and the message you're encountering is "No logs from a device." This type of message typically indicates that a device, system, or resource that is being monitored for availability is not sending any logs or data to the monitoring system.

Here are some steps you can take to address this issue:

1. **Check Device Connectivity**: Ensure that the device you're monitoring is properly connected to the network and is functional. If the device is offline, not powered on, or experiencing network issues, it might not be sending logs.

2. **Review Device Configuration**: Verify that the device's logging configuration is set up correctly. Make sure that the device is configured to send logs to the appropriate destination, which could be a log server, SIEM (Security Information and Event Management) system, or any other monitoring tool you're using.

3. **Check Log Sending Mechanism**: Depending on the device and monitoring solution you're using, logs might be sent via protocols like syslog, SNMP traps, or custom APIs. Confirm that the logs are being sent using the correct protocol and that the destination information (IP address, port, etc.) is accurate.

4. **Firewall and Network Settings**: Check if there are any firewall rules or network configurations that might be blocking the logs from reaching the monitoring system. Ensure that the necessary ports and protocols are allowed through the network.

5. **Log Volume and Rate**: If the device generates a high volume of logs, the monitoring system might be overwhelmed, causing logs to be dropped. Review the capacity and resource limits of your monitoring solution.

6. **Device Software/Firmware Update**: Outdated device software or firmware might cause issues with log transmission. Make sure the device is running the latest software/firmware updates.

7. **Monitoring System Configuration**: Double-check the configuration on your monitoring system to make sure it's set up to receive logs from the specific device. Ensure that the device is associated with the correct monitoring profile.

8. **Debugging and Logging on Device**: Check the logs and debugging information on the device itself. It might provide insights into why logs are not being sent. Look for any error messages or warnings related to log transmission.

9. **Check Monitoring Solution**: If you're using a monitoring tool or platform, review its logs and status. There might be issues on the monitoring side that prevent it from receiving logs.

10. **Contact Support**: If you're unable to identify the issue or resolve it on your own, consider reaching out to the technical support of your monitoring solution, as well as the support for the device you're monitoring.

Remember that troubleshooting availability incidents often involves a combination of checking both the device being monitored and the monitoring solution itself consejosandroid.mx. The exact steps can vary based on the specific tools and devices you're using.

Sam Dobreva
Sam Dobreva
1371
jennyrose231
New Contributor
In response to Samdobreva1988

Created on ‎08-13-2024 03:06 AM Edited on ‎10-23-2024 11:48 PM

@Samdobreva1988 wrote:

It seems like you're dealing with an analytic related to "Availability Incidents" and the message you're encountering is "No logs from a device." This type of message typically indicates that a device, system, or resource that is being monitored for availability is not sending any logs or data to the monitoring system.

Here are some steps you can take to address this issue:

1. **Check Device Connectivity**: Ensure that the device you're monitoring is properly connected to the network and is functional. If the device is offline, not powered on, or experiencing network issues, it might not be sending logs.

2. **Review Device Configuration**: Verify that the device's logging configuration is set up correctly. Make sure that the device is configured to send logs to the appropriate destination, which could be a log server, SIEM (Security Information and Event Management) system, or any other monitoring tool you're using.

3. **Check Log Sending Mechanism**: Depending on the device and monitoring solution you're using, logs might be sent via protocols like syslog, SNMP traps, or custom APIs. Confirm that the logs are being sent using the correct protocol and that the destination information (IP address, port, etc.) is accurate.

4. **Firewall and Network Settings**: Check if there are any firewall rules or network configurations that might be blocking the logs from reaching the monitoring system. Ensure that the necessary ports and protocols are allowed through the network.

5. **Log Volume and Rate**: If the device generates a high volume of logs, the monitoring system might be overwhelmed, causing logs to be dropped. Review the capacity and resource limits of your monitoring solution.

6. **Device Software/Firmware Update**: Outdated device software or firmware might cause issues with log transmission. Make sure the device is running the latest software/firmware updates.

7. **Monitoring System Configuration**: Double-check the configuration on your monitoring system to make sure it's set up to receive logs from the specific device. Ensure that the device is associated with the correct monitoring profile.

8. **Debugging and Logging on Device**: Check the logs and debugging information on the device itself. It might provide insights into why logs are not being sent. Look for any error messages or warnings related to log transmission.

9. **Check Monitoring Solution**: If you're using a monitoring tool or platform, review its logs and status. There might be issues on the monitoring side that prevent it from receiving logs.

10. **Contact Support**: If you're unable to identify the issue or resolve it on your own, consider reaching out to the technical support of your monitoring solution, as well as the support for the device you're monitoring.

Remember that troubleshooting availability incidents often involves a combination of checking both the device being monitored and the monitoring solution itself. The exact steps can vary based on the specific tools and devices you're using.

If you're encountering a "No logs from a device" message related to "Availability Incidents," it generally indicates that the device or system being monitored isn't sending data to the monitoring system. To resolve this, ensure the device is properly connected to the network and operational, as offline or network issues can prevent log transmission. Verify that the device's logging settings are correctly configured to send logs to the appropriate destination, and confirm that the correct protocol (e.g., syslog, SNMP) and destination details are being used. Check if any firewall rules or network settings might be blocking logs, and make sure the monitoring system can handle the log volume without dropping data. It's also important to update the device's software or firmware and review the monitoring system's configuration to ensure everything is set up correctly. Inspect the device’s own logs for any errors related to log transmission, and check the monitoring tool's status for potential issues. If these steps don’t resolve the issue, reaching out to technical support for both the monitoring solution and the device might be necessary info on the website.

526
0 Kudos
gsd
New Contributor

Created on ‎11-05-2024 02:30 AM

Después de que se baja el sol y aparecen las estrellas, el camping muestra un encanto tranquilo. En el contexto de la oscuridad nocturna de la naturaleza, las carpas iluminadas y las lonas son un espectáculo bienvenido. La iluminación exterior Sandiario garantizan seguridad y un ambiente acogedor para que puedas continuar con la magia especial de la noche.

215
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.