Daryaya
New Contributor

log description = "BGP neighbor status changed"

When I check FortiAnalyzer router events, I can see lots of "BGP neighbor status changed" events showing that my neighbors are down in, for example, the last 4 hours. But when I do "get router info bgp neighbours" on the FortiGate, I can see that my neighbours were up for 11 hours or so. Is there any explanation for this?

emnoc
Esteemed Contributor III

Well, FortiAnalyzer just reads the logs from your firewall; it does not magically create a log ;)

Let's try this;

1st, clear any filters on the said device via the CLI

   execute log filter reset

now set a filter for the following message;

   execute log filter field logdesc "BGP neighbor status changed"
   execute log filter category 1

and now display all logs;

   execute log display

Do you show any log messages? What time? What neighbor? etc. Also make sure your FGT clock is correct

   get system status

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

Daryaya
New Contributor

Thanks for this.

When I do 'execute log display' it only displays logs for the last 30 minutes or so, but on FortiAnalyzer I do logs for the last 4 hours and I see BGP status changes; I can't see them on the firewall.

 

emnoc
Esteemed Contributor III

Then something is wrong, but you're probably reading from memory.

Do the following from the CLI

   execute log filter device ?

You should see output similar to this;

   FGTWPBHFLA # execute log filter device
   Available devices:
   0: memory
   1: fortianalyzer
   2: fortianalyzer-cloud
   3: forticloud

If you selected #1, and/or whatever it is on your device, and repeat the earlier commands, you would read the logs from the FAZ. But back to your logs and the BGP status: can you export the logs from the FAZ and confirm the neighbor and devid (just thinking out loud)? The logs had to be sent to the FAZ from the device.

The "get router info bgp summary" will show you how long the peer has been established, and you go backwards to find the time range for the corresponding logs.

Or

   FGTWPBHFLA # get router info bgp neighbors | grep Est
   BGP state = Established, up for 10:56:18

NOTE: the remote bgp-peer was rebooted 10+ hours ago for the above example

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

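The check suggested in the last reply (work backwards from the peer uptime, and confirm the neighbor and devid in the exported logs) can be scripted. This is an added example, not code from the thread or from Fortinet; the log lines, devid values, addresses and the `neighbor <ip> Up|Down` message layout are constructed assumptions, and the uptime is assumed to be in the HH:MM:SS form shown above.

```python
import re
from datetime import datetime, timedelta

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
ADJ = re.compile(r"neighbor (\S+) (Up|Down)")  # assumed msg layout

# Constructed sample export; devids, addresses and msg text are placeholders.
SAMPLE = """\
date=2024-03-01 time=01:02:10 devid="FGT-EXAMPLE-A" logdesc="BGP neighbor status changed" msg="BGP: neighbor 192.0.2.1 Down"
date=2024-03-01 time=01:03:42 devid="FGT-EXAMPLE-A" logdesc="BGP neighbor status changed" msg="BGP: neighbor 192.0.2.1 Up"
date=2024-03-01 time=08:00:00 devid="FGT-EXAMPLE-A" logdesc="Constructed unrelated event" msg="constructed filler"
date=2024-03-01 time=09:15:00 devid="FGT-EXAMPLE-B" logdesc="BGP neighbor status changed" msg="BGP: neighbor 192.0.2.1 Down"
date=2024-03-01 time=10:30:00 devid="FGT-EXAMPLE-A" logdesc="BGP neighbor status changed" msg="BGP: neighbor 198.51.100.7 Down"
date=2024-03-01 time=11:00:00 devid="FGT-EXAMPLE-A" logdesc="BGP neighbor status changed" msg="BGP: neighbor 192.0.2.1 Down"
"""

def parse_line(line):
    # key=value pairs; quoted values keep their spaces
    return {k: q or u for k, q, u in KV.findall(line)}

def established_since(now, uptime):
    # "up for HH:MM:SS" from the CLI -> time the current session came up
    h, m, s = (int(x) for x in uptime.split(":"))
    return now - timedelta(hours=h, minutes=m, seconds=s)

def classify(log_text, devid, neighbor, now, uptime, slack=timedelta(seconds=60)):
    up_at = established_since(now, uptime)
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("logdesc") != "BGP neighbor status changed":
            continue
        m = ADJ.search(rec.get("msg", ""))
        peer, state = m.groups() if m else ("?", "?")
        ts = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%Y-%m-%d %H:%M:%S")
        if rec.get("devid") != devid:
            verdict = "other-device"    # logged by a different unit
        elif peer != neighbor:
            verdict = "other-neighbor"  # a different BGP peer flapped
        elif ts <= up_at + slack:
            verdict = "consistent"      # at or before the current session start
        else:
            verdict = "conflict"        # contradicts the uptime: check clocks
        out.append((rec["time"], rec.get("devid"), peer, state, verdict))
    return out

if __name__ == "__main__":
    for row in classify(SAMPLE, "FGT-EXAMPLE-A", "192.0.2.1", datetime(2024, 3, 1, 12, 0, 0), "10:56:18"):
        print(row)
```

Rows marked `other-device` or `other-neighbor` explain events that do not belong to the session checked on the CLI; a `conflict` row points at a clock or time-zone mismatch between the firewall and the analyzer.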