I currently have a rule called "no logs from device", and I expect this rule to be triggered when there is no log from a device. However, a device went down and, although it did not send logs for a while, the rule was not triggered. Is there a custom rule you use for this situation, or how can I use it more effectively?
Does anyone know about this?
Was the device that is down part of the internal system?
The DC machine is down, but we're getting logs from many machines. So there may be a machine change.
I just checked, and the default rule is working fine, version 7.2.0
Although there was no log for about 12 hours, the rule was not triggered. I tried it on a sample machine with the same result. We get logs with the Windows agent. Do you have any idea?
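As an added example, not part of this thread and not FortiSIEM's own rule implementation: a small Python silence check over constructed sample events. It illustrates two reasons a "no logs from device" check can stay quiet even when a device is really down. First, it keys on a normalized short hostname, so an inventory name and a reporting name that differ only by case or domain suffix ("DC01" vs "dc01.corp.local") are treated as the same device; a rule keyed on mismatched identities sees two devices, one of which looks healthy. Second, it compares an expected-device inventory against the events that arrived, so a device that never reported at all is flagged too; a rule driven only by events that did arrive has nothing to fire on. The device names, timestamps, threshold and inventory are all made up for the example.

```python
from datetime import datetime, timezone

# Constructed sample events (reporting device name, UTC timestamp); not real FortiSIEM data.
SAMPLE_EVENTS = [
    ("DC01.corp.local", "2024-05-01T00:05:00Z"),
    ("dc01.corp.local", "2024-05-01T00:55:00Z"),  # last event from the DC, about 11 h before NOW
    ("WS-23", "2024-05-01T11:40:00Z"),
    ("FW-EDGE", "2024-05-01T11:58:00Z"),
]
# Constructed inventory of devices that are expected to report (what a CMDB would hold).
# DC02 is listed but never appears in the events.
EXPECTED_DEVICES = ["DC01", "DC02", "WS-23", "FW-EDGE"]
NOW = "2024-05-01T12:00:00Z"
THRESHOLD_MINUTES = 60  # assumed silence threshold for the example


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(name):
    """Key devices on the short hostname, lower-cased, so 'DC01.corp.local' and 'dc01' match."""
    return name.split(".")[0].lower()


def last_seen(events):
    """Return {normalized device: newest timestamp} over the supplied events."""
    seen = {}
    for device, ts in events:
        key = normalize(device)
        t = parse_ts(ts)
        if key not in seen or t > seen[key]:
            seen[key] = t
    return seen


def silent_devices(events, expected, now, threshold_minutes):
    """Return {device: minutes_silent} for expected devices with no event inside the threshold.

    A device with no events at all maps to None ("never seen"); it is reported because the
    check starts from the inventory, not from the events that happened to arrive.
    """
    seen = last_seen(events)
    now_t = parse_ts(now)
    silent = {}
    for device in expected:
        key = normalize(device)
        if key not in seen:
            silent[device] = None
            continue
        minutes = (now_t - seen[key]).total_seconds() / 60
        if minutes > threshold_minutes:
            silent[device] = minutes
    return silent


if __name__ == "__main__":
    result = silent_devices(SAMPLE_EVENTS, EXPECTED_DEVICES, NOW, THRESHOLD_MINUTES)
    for dev, mins in result.items():
        print(f"{dev}: {'never seen' if mins is None else f'{mins:.0f} min silent'}")
```

Run stand-alone, the script reports DC01 as silent for 665 minutes and DC02 as never seen, while WS-23 and FW-EDGE are within the threshold. When a silence rule in a real SIEM does not fire, the same two questions apply: does the identity the rule keys on match the identity under which the device's logs are stored, and is the rule evaluated against an inventory of expected reporters rather than only against events that arrived.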
Copyright 2024 Fortinet, Inc. All Rights Reserved.