Help
FortiSIEM Discussions
adem_netsys
Contributor

Created on ‎07-25-2024 10:04 AM Edited on ‎08-01-2024 09:47 AM

No logs from Device

Ekran görüntüsü 2024-08-01 145157.pngEkran görüntüsü 2024-08-01 163058.pngI currently have a rule called "no logs from device" and I expect this rule to be triggered when there is no log from a device, but a device went down and although it did not send logs for a while, the rule was not triggered, is there a custom rule you use for this situation or how can I use it more effectively?

402
0 Kudos
5 REPLIES 5
adem_netsys
Contributor

Created on ‎07-27-2024 03:45 AM

Does anyone know about this?

374
0 Kudos
bluehawk
New Contributor II
In response to adem_netsys

Created on ‎07-27-2024 03:57 AM

Was the device that is down part of the internal system?

371
0 Kudos
adem_netsys
Contributor
In response to bluehawk

Created on ‎07-27-2024 04:00 AM

The DC machine is down, but we're getting logs from many machines. So there may be a machine change.

370
0 Kudos
bluehawk
New Contributor II
In response to adem_netsys

Created on ‎07-27-2024 04:14 AM

I just checked, and the default rule is working fine, version 7.2.0

363
0 Kudos
adem_netsys
Contributor
In response to bluehawk

Created on ‎08-01-2024 07:54 AM

@bluehawk

Although there was no log for about 12 hours, the rule was not triggered, I tried it on a sample machine with the same result. We get logs with windows agent. Do you have any idea?

 

Ekran görüntüsü 2024-08-01 145157.png

233
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.