I could be drawing a blank here:
Is there an event handler or setting somewhere to alert when logs are not populating to the FAZ? - i.e. turning Red under Device Manager?
In 5.2.4, you will see a local event log generated like below:
Device[xxx] did not receive any log in last yyy minutes.
Thus you can create a local event log alert based on this log.
In the attached pic, I did a simple config.
Thanks
Simon
Thanks!
I set this up and we'll try it this week/weekend!
I disabled a device from sending to the FAZ. However I'm not getting any message in the FAZ's event log that it's not receiving any logs. Is there a setting somewhere I need to enable this?
Which FAZ version are you using?
In 5.2.4, you can find the CLI below:
FAZ200D # conf sys locallog setting
(setting)# set log-interval-dev-no-logging
Interval in minute for logging the event of no logs received from a device.
...
default is enabled and set for 5 minutes
Thanks
Simon
We're using 5.2.2
config system locallog ?
disk            Configure disk.
fortianalyzer   Configure fortianalyzer.
fortianalyzer2  Configure fortianalyzer2.
fortianalyzer3  Configure fortianalyzer3.
memory          Configure memory.
syslogd         Configure syslogd.
syslogd2        Configure syslogd2.
syslogd3        Configure syslogd3.
This feature (new log) was added in 5.2.3.
Thanks
Simon
Thanks, this is working a lot closer than before!!!
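Added example, not part of the original posts and not Fortinet code: a small Python check that scans exported or forwarded FortiAnalyzer local event log lines for the "did not receive any log" message quoted in the thread and reports which devices have gone silent. The timestamp prefix, the device names, the literal square brackets around the device name and the `silent_devices` helper are assumptions made for illustration; only the message wording comes from the thread.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Message wording as quoted in the thread; device name and minutes vary.
# Literal "[" "]" around the device name is an assumption.
NO_LOG_RE = re.compile(
    r"Device\[(?P<device>[^\]]+)\] did not receive any log "
    r"in last (?P<minutes>\d+) minutes"
)


def silent_devices(lines: Iterable[str], min_minutes: int = 5) -> List[Tuple[str, int]]:
    """Return (device, longest reported silence in minutes), longest first.

    Lines that are not the no-log event are ignored, as are events that
    report a silence shorter than min_minutes.
    """
    worst: Dict[str, int] = {}
    for line in lines:
        match = NO_LOG_RE.search(line)
        if match is None:
            continue
        minutes = int(match.group("minutes"))
        if minutes < min_minutes:
            continue
        device = match.group("device")
        worst[device] = max(minutes, worst.get(device, 0))
    # Longest silence first; ties broken by device name for stable output.
    return sorted(worst.items(), key=lambda item: (-item[1], item[0]))


# Constructed sample lines: timestamps, device names and the unrelated
# admin-login line are made up for this example.
SAMPLE = [
    "2015-01-10 02:00:01 Device[FGT-BRANCH-01] did not receive any log in last 5 minutes.",
    "2015-01-10 02:00:03 User admin logged in from GUI",
    "2015-01-10 02:05:01 Device[FGT-BRANCH-01] did not receive any log in last 10 minutes.",
    "2015-01-10 02:05:01 Device[FGT-DC-02] did not receive any log in last 5 minutes.",
]

if __name__ == "__main__":
    for device, minutes in silent_devices(SAMPLE):
        print(f"ALERT: {device} has sent no logs for {minutes} minutes")
```
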
Copyright 2024 Fortinet, Inc. All Rights Reserved.