Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
live89
Contributor

FAZ showing deleted vdoms

Hi

 

FAZ version : 5.6

FGT version : 5.4

 

FAZ keep showing old deleted vdoms , although I have deleted them from device manager but they keep showing back again ..

 

why is that ?

 

screenshot attached

 

Thanks

3 REPLIES 3
chall_FTNT
Staff
Staff

Usually this is because there are new logs arriving for that VDOM.  Have you deleted that VDOM from the FortiGate as well?  And is there is any other device forwarding logs from the FortiGate in question?

Chris Hall
Fortinet Technical Support
emnoc
Esteemed Contributor III

Yeah seen the  same behavior. You can open a case with TAC. It has nothing to do with   log_forward. If you craft a vdom and afterwards delete, if the FAZ picks it up it does NOT sync with FGT and delete the unused and deleted vdom

PCNSE 

NSE 

StrongSwan  

chall_FTNT

Actually, I should add that you should delete the VDOM from the CLI in order to ensure that all related logs already on the FortiAnalyzer are deleted as well.

 

exec log device vdom delete Device_Name VDOM_Name

 

For more detail, see the KB article How to delete a VDOM from FortiAnalyzer

 

Chris Hall
Fortinet Technical Support