Hello Everyone,
Please could you help me find out and fix the problem with the Windows agent in FortiSIEM that is shown as Critical in Event Status, and what does it mean?
I've attached a screenshot of the problem.
Yes, it was working normally; the event status was green, and when I checked them the last time I got them red with critical status.
Hi Guys @MoussaRms @Richie_C
I have the same problem in a different environment, but I can't use Wireshark or anything like that. Have you been able to solve this problem? Is there any other step that needs to be done?
Hi @adem_netsys - The root cause of the event status being critical is that no incoming logs are seen.
If agent status is running and active it means that the agent can contact the supervisor successfully to report its health. However, logs are uploaded to the collector specified in the agent template.
The main things to check are:
You mentioned that you cannot use Wireshark, but maybe you could try using tcpdump from the collector to check for incoming connections from the agent. This can be run from the collector CLI.
I hope that helps.
Thanks
Richard
Hi @Richie_C
Firstly, thanks for your reply. I have already reviewed these steps; there is 443 permission. While logs were taken on these machines before, there was an interruption afterwards, so there is no template change etc. The Windows machine is generating logs; this has also been confirmed. When I looked at the SSL_Access_Log, I saw 401 errors in some of them; I could not make sense of them. I reinstalled the agent in some environments, but this is not a desired method.
Thanks for the feedback @adem_netsys. Do I understand correctly that when you re-install the agent it will work again? Could any host software be blocking outbound connections?
I have checked the connection between collector and supervisor and between Windows agent and collector; it is working normally.
Copyright 2025 Fortinet, Inc. All Rights Reserved.