Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dom_ruz
New Contributor

Fortigate had experienced an unexpected power off

Hi Experts,

I am new to this community and would like to ask for help and advice from all the experts out there.

Has anyone here already encountered an unexpected power-off and when you check the event logs it the power-off shows 15 minutes late. I have a Firewall that suddenly went down at 2:15 PM then went UP again at 2:30 PM. When I check the event logs it shows that the Fortigate had experienced an unexpected power off at 2:30 PM which is 15 minutes late.

Best Regards,



1 Solution
Toshi_Esumi
Esteemed Contributor II

It's probably because unlike a reboot when the FGT lost power it couldn't record anything by software like a time stamp because power was lost. Then when it came backup it gathered information from hardware as much as possible for what might have happened. But for the reason above the time stamp was not the part of info it was able to gather.

If it's in a-p HA, you can know when an a-p swap happens as the result of the down primary. But if it's a stand-alone and if you or someone was not there to experience the down in person, you wouldn't be able to tell exactly when it went down only based on the device's event log.

 

Toshi

View solution in original post

7 REPLIES 7
dom_ruz
New Contributor

I forgot to add, I would like to know why the log is showing late 15 minutes late,

Toshi_Esumi
Esteemed Contributor II

It's probably because unlike a reboot when the FGT lost power it couldn't record anything by software like a time stamp because power was lost. Then when it came backup it gathered information from hardware as much as possible for what might have happened. But for the reason above the time stamp was not the part of info it was able to gather.

If it's in a-p HA, you can know when an a-p swap happens as the result of the down primary. But if it's a stand-alone and if you or someone was not there to experience the down in person, you wouldn't be able to tell exactly when it went down only based on the device's event log.

 

Toshi

btan
Staff
Staff

Hi dom,

 

You may run below command to check the device's uptime to verify if the reboot log is genuine:

#get system performance status

Run below commands as well to possibly get more info:
#diag debug crashlog read
#diag alertconsole list

 

 

Regards,
Bon
dom_ruz
New Contributor

Hi Btan,

 

Thank you for the advice I have ran the commands.

#get system performance status - Server uptime shows 1 day 21 hours
#diag debug crashlog read - last crash log was 2021-12-15
#diag alertconsole list - the system start at 2:30 PM which.

I think what Toshi_Esumi advise earlier is right. 

dom_ruz

Hi Everyone,

 

I reached out to Fortinet support and was informed the log will be reported once the device is powered on.

They performed a test on their test firewalls. They power cycle their test firewall at 12:24, connected back at 12:27, and the device came back at 12:29, please see the logs sent by support

date=2021-12-24 time=12:29:01 eventtime=1640377738389147660 tz="-0800" logid="0100032009" type="event" subtype="system" level="information" vd="root" logdesc="FortiGate started" msg="Fortigate started"
date=2021-12-24 time=12:29:01 eventtime=1640377664961912960 tz="-0800" logid="0100032200" type="event" subtype="system" level="critical" vd="root" logdesc="Device shutdown" msg="Fortigate had experienced an unexpected power off!"

Thanks for everyone's help.

Toshi_Esumi
Esteemed Contributor II

That's what I tested before posting my original comment.   -Toshi

dom_ruz
New Contributor

Hi All,

 

Fortinet support did a test on their firewalls, please see their ticket update below:

Hi Customer,

Greetings from Fortinet TAC!
The log will be reported once the device is powered on and the log is expected to be generated when the device powers on. 

I did a power cycle at 12:24, connected back at 12:27, and the device came back at 12:29, here are the logs:

date=2021-12-24 time=12:29:01 eventtime=1640377738389147660 tz="-0800" logid="0100032009" type="event" subtype="system" level="information" vd="root" logdesc="FortiGate started" msg="Fortigate started"
date=2021-12-24 time=12:29:01 eventtime=1640377664961912960 tz="-0800" logid="0100032200" type="event" subtype="system" level="critical" vd="root" logdesc="Device shutdown" msg="Fortigate had experienced an unexpected power off!"


Thank you for everyone's help and advice.
Best Regards,