Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Haxija
New Contributor II

Firewall stop showing logs neither through CLI nor GUI (601E)

Helo everyone,

Since yesterday, I cant see any log on the Fortigate (On friday, 3-4 days ago, it was working). I tryed through CLI and GUI. When I tryed in the web interface, the firewall starts searching for logs but it shows:

 

Haxija_1-1652171933723.png

 

The severity of the logs is set as Information:

 

config log memory filter
set severity information
set forward-traffic enable
set local-traffic enable
set multicast-traffic enable
set sniffer-traffic enable
set anomaly enable
set voip enable
set filter ''
set filter-type include
end

 

I read that maybe reformatting the flash disk it get solved, but I would like to confirm it and know if someone suffered this problem before.

 

The firewall is an Fortigate 601E with v6.4.8 firmware version.

 

I hope someone could give some advice.

Thank you in advance!

1 Solution
Haxija
New Contributor II

Helllo again,

 

Finally we resolved the problem by restarting the firewall.

We enable this option for checking the disk before rebooting it:

 

Haxija_1-1653382457953.png

 

After the device turned on again, we checked the logs and they were working correctly, the comand FG(global) # diagnose hardware test disk didnt show any fail.

 

Thank you for the help,

Regards,

Asi

View solution in original post

8 REPLIES 8
jintrah_FTNT
Staff
Staff

Hi,

 

I believe there isn't any time frame specified in the search, and FortiGate is actively reading all the content to match your required criteria in the search, and at the time of warning shown above, it read 2 % of the entire data. Please check if you are able to retrieve any log for last Friday.

 

Best regards,

Jin

Haxija
New Contributor II

Hi,

Firstly, thank you for your answer. When I dont specify any filter, it usually shows me every logs.

Even though, I did another search trying to show any log from friday to actually but it still shows anything, it appears the same message form the screenshot I posted before. If I wait, nothing is shown (in the bottom a message appears and does not change "Request is proceeding slowly: 2% complete")

Haxija_1-1652178130903.png

 

I forget to say, that all the logs there are just recorded on the hard disk.

kind regards,

Asi

jintrah_FTNT

Hello Asi,

 

You are most welcome!

In this case, please check the output of command get sys status, does the disk status show as available or something else? If its in available state, we may probably try restarting miglogd process, and check if logs are displayed.

 

Best regards,

Jin

Haxija
New Contributor II

Hello Jin,

Thank you for the help.

 

I found this next comand in the cookbook:

diagnose sys process daemon-auto-restart disable miglogd
diagnose sys process daemon-auto-restart enable miglogd

But it generates me a question which is not resolve in documentation. Restarting this service, Do you know if it will generate any service interruption? If the answer is yes, I will need make the change out of working hours.

Kind regards,

Asi

jintrah_FTNT

Hello Asi,

 

miglogd is only responsible for logging, so user traffic should not have any interruption.

 

Best regards,

Jin

Haxija
New Contributor II

Hi Jin,

 

I tryed to kill the process but it didnt work. I tryed using the comands mentioned before and with "fnsysctl killall miglogd". (By the way, I didnt answer you about "get sys status", the disk status is avaliable)

 

Then I have been searching for other solutions and I found the "diagnose hardware test". When I executed the test, this is what I discover:

 

FG(global) # diagnose hardware test disk
Test Begin at UTC Time Tue May 10 14:46:29 2022


14:46:29 ( 0s) ==> HDD Single Block Write/Read/Verify Test

Testing /dev/sda...
/dev/sda : OK [ OK ]
Testing /dev/sdb...
/dev/sdb : OK [ OK ]
Testing /dev/sdc...
/dev/sdc : OK [ OK ]

14:46:29 ( 0s) <== HDD Single Block Write/Read/Verify Test - [[ PASS ]]


14:46:29 ( 0s) ==> File Test (data)


Writing file /data/filetest.txt, 4194304 Bytes
Checking file /data/filetest.txt, 4194306 Bytes
File checksum verification passed on /data/filetest.txt
Remove /data/filetest.txt after test

14:46:29 ( 0s) <== File Test (data) - [[ PASS ]]


14:46:29 ( 0s) ==> File Test (data2)


Writing file /data2/filetest.txt, 4194304 Bytes
Checking file /data2/filetest.txt, 4194306 Bytes
File checksum verification passed on /data2/filetest.txt
Remove /data2/filetest.txt after test

14:46:29 ( 0s) <== File Test (data2) - [[ PASS ]]


14:46:29 ( 0s) ==> Logdisk File Test


Writing file /var/log/fwrv, 104857600 Bytes
Failed to open file for writing (/var/log/fwrv): Read-only file system

14:46:29 ( 0s) <== Logdisk File Test - [[ X FAIL X ]]


Test End at UTC Time Tue May 10 14:46:29 2022

Total Elapsed Time: 0 seconds (0m 00s).


========================= Fortinet Hardware Test Report =========================


DISK
HDD Single Block Write/Read/Verify Test....................... PASS
File Test (data).............................................. PASS
File Test (data2)............................................. PASS
Logdisk File Test............................................. FAIL X


FAILURE:
1. DISK-Logdisk File Test: Failed to open file for writing (/var/log/fwrv): Read-only file system

 

There is some problem why the firewall cant write logs disk.

 

If you have any idea of how to resolve this, let me know. I will be searching for solution meanwhile.

 

Regards,

Asi

jintrah_FTNT

Hello Asi,

 

From the test results, I see the folder /var/log/fwrv couldn't be opened. Probably a restart might help, as hdd status is 'available' and also that other tests on the disk succeeded, but if you need detailed study I would suggest to open a FortiCare request.

 

Best regards,

Jin

Haxija
New Contributor II

Helllo again,

 

Finally we resolved the problem by restarting the firewall.

We enable this option for checking the disk before rebooting it:

 

Haxija_1-1653382457953.png

 

After the device turned on again, we checked the logs and they were working correctly, the comand FG(global) # diagnose hardware test disk didnt show any fail.

 

Thank you for the help,

Regards,

Asi

Labels
Top Kudoed Authors