Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FAZ not collecting logs after moving FGT from one ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FAZ not collecting logs after moving FGT from one ADOM to another ADOM
We use FAZ in analyzer mode with ADOMs. We recently moved a FGT from one ADOM to another, and then log collection just stopped for that device. I've tried removing the FGT device in FAZ and re-registering it, and it still fails to collect logs. I have also re-built the SQL db for that ADOM and re-indexed, but still no luck.
On the FGT, if I click TEST CONNECTIVITY button, everything looks fine--it shows the name of the FAZ, status is REGISTERED, and connection status and all priviliges get a green check mark. It also shows the number of logs that it is sending to the FAZ. But I don't know where they are going once they hit the FAZ.
Any suggestions would be appreciated!
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
16 REPLIES 16
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does the fortigate show up in the device list? Are you 100% sure you edit the new adom and select that device? Have you check the FAZ event logs for any clues?
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you help provide "diag dvm device list", "diag dvm adom list" and "diag log device"?
Thanks
Simon
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Result of "diag dvm device list"
TYPE OID SN HA IP NAME ADOM IPS FIRMWARE faz enabled 260 FG100Exxxxx01629 - 172.xx.xx.250 Axxxxxxxxxxxxxx Axxxxxxxxx N/A 5.0 MR4 (5873) |- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown |- vdom:[3]root flags:0 adom:Axxxxxxxxx pkg:[never-installed]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Result of "diag log device" (removed non-essential info)
==============================================
FAZVM64-HV # diag log device Device Name Device ID Used Space(logs / quarantine / content / IPS) Allocated Space Used% Axxxxxxxxxxxxxx FG100Exxxxxx01629 0.0KB( 0.0KB/ 0.0KB/ 0.0KB/ 0.0KB) unlimited n/a Total: 17 log devices, used=52.0GB quota=unlimited AdomName AdomOID Type Logs Database [Retention Quota UsedSpace(logs / quarantine / content / IPS) Used%] [Retention Quota Used Used%] Axxxxxxxxx 148 FGT 365days 14.6GB 12.2GB( 12.2GB/ 0.0KB/ 0.0KB/ 0.0KB) 83.2% 60days 34.2GB 16.1GB 47.1% Total usage: 23 ADOMs, logs=52.0GB database=112.6GB(ADOMs usage:111.9GB + Internal Usage:707.8MB) Total Quota Summary: Total Quota Allocated Available Allocate% 884.2GB 543.0GB 341.2GB 61.4% System Storage Summary: Total Used Available Use% 984.2GB 171.4GB 812.8GB 17.4% Reserved space: 100.0GB (10.2% of total space).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
REsults of "diag dvm adom list" (removed non-essential info)
=========================================
FAZVM64-HV # diag dvm adom list There are currently 24 ADOMs: OID STATE PRODUCT OSVER MR NAME MODE VPN MANAGEMENT IPS 148 enabled FOS 5.0 2 Axxxxxxxxx Normal Policy & Device VPNs N/A ---End ADOM list---
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To answer your questions emnoc:
-Yes, the fortigate shows up in the device list under the correct ADOM with a red dot under the LOGS column. We have another device in this ADOM and it is logging correctly.
-See event log below. This shows when I deleted and re-registering the device in lines 329-332; but 9 minutes later in line 328 it says no logs received from the device in last 4215 minutes. SO I don't think deleting the device took care of everything.
328 2017-08-26 11:50:50 warning system FortiAnalyzer event Device[FG100Exxxxx01629] did not receive any log in last 4215 minutes. 329 2017-08-26 11:41:11 information system FortiAnalyzer event Added unregistered device FG100Exxxxx01629 to unregistered table 330 2017-08-26 11:41:11 information device ... Device manager event Device FG100Exxxxx01629 add succeeded 331 2017-08-26 11:36:46 warning system FortiAnalyzer event Deleted all log files of FG100Exxxxx01629 due to device deletion. 332 2017-08-26 11:36:46 notice admin-GUI(24.7.214.66) Device manager event Deleted device Axxxxxxxxxxxx-FGT100E (FG100Exxxxx01629)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay try this
on the fgt
execute log filter dev 2 ( double check 2 is FAZ )
execute log filter category 0
execute log display
Does that show or present any logs? And how about
execute log filter category 1
execute log display
Same thing do you show logs? Also what version of FAZ do you have? v5.0.x on the FGT is very old imho.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are on FAZ 5.4.3.
Here are the results from the fortigate, which is also on 5.4.3. I would've guessed I was having a problem with the FAZ, but this looks like a FGT problem?
FG100Exxxxx01629 # exec log filter dev Available devices: 0: memory 1: faz 2: fds FG100Exxxxx01629 # exec log filter dev 1 FG100Exxxxx01629 # exec log filter category 0 FG100Exxxxx01629 # exec log display 0 logs found. 0 logs returned. 0.0% of logs has been searched. FG100Exxxxx01629 # exec log filter dev 1 FG100Exxxxx01629 # exec log filter category 1 FG100Exxxxx01629 # exec log display 0 logs found. 0 logs returned. 0.0% of logs has been searched.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- About automatically collected device information 95 Views
- Problem as move configuration from D-LINK... 274 Views
- Moving SSL VPN DHCP to external... 146 Views
- Fortinet Switch and Fluke Link IQ... 176 Views
- Can Fortigate be Moved to Another... 319 Views
Labels
-
FortiGate
8,428 -
FortiClient
1,701 -
5.2
801 -
FortiManager
708 -
5.4
639 -
FortiAnalyzer
542 -
FortiSwitch
456 -
FortiAP
456 -
6.0
416 -
FortiClient EMS
404 -
5.6
362 -
FortiMail
308 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
211 -
FortiWeb
198 -
5.0
196 -
IPsec
183 -
FortiNAC
175 -
FortiGuard
134 -
6.4
128 -
SD-WAN
109 -
FortiGateCloud
100 -
FortiSIEM
98 -
FortiCloud Products
95 -
FortiToken
89 -
FortiAuthenticator
83 -
Customer Service
77 -
Wireless Controller
75 -
Firewall policy
70 -
4.0MR3
64 -
FortiProxy
59 -
FortiADC
53 -
Fortivoice
52 -
High Availability
51 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiSandbox
43 -
FortiExtender
43 -
FortiDNS
42 -
Routing
39 -
BGP
38 -
DNS
38 -
LDAP
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
32 -
Certificate
32 -
Authentication
31 -
Interface
31 -
SSO
30 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
26 -
FortiWAN
25 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
VDOM
24 -
Logging
24 -
Web profile
23 -
Virtual IP
22 -
FortiPAM
21 -
Fortigate Cloud
19 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
FortiMonitor
18 -
SSL SSH inspection
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
IP address management - IPAM
14 -
FortiSOAR
13 -
SSID
13 -
Static route
13 -
System settings
13 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Traffic shaping policy
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Traffic shaping profile
5 -
Email filter profile
5 -
Web rating
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Service
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1645 | |
| 1070 | |
| 751 | |
| 443 | |
| 210 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.