Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jirka1
Contributor III

FGT 5.4.4 -> FAZ 5.4.3 - stop sending logs

Hi guys, we have a problem with sending logs from FGT60E (5.4.4) to FAZ200D (5.4.3) Once in a while (about once a week), FortiGate stops send logs to the FAZ. In Device Manager I see the red status instead of green. If I restart the FAZ, the problem persists. Reboot FGT will help. The FGT-> FAZ connection test passes OK. We have 8 units connected to the FAZ and only this one does.

Some idea or diag cmd?

 

config log fortianalyzer setting
    set status enable
    set ips-archive enable
    set server "xx.xxx.xxx.xxx"
    set enc-algorithm default
    set conn-timeout 10
    set monitor-keepalive-period 5
    set monitor-failure-retry-period 5
    set source-ip ''
    set upload-option realtime
    set reliable enable
end

Thanks. Jirka

4 REPLIES 4
Baptiste
Contributor II

Hi you can try to disable encyption, same case and it's working fine now.

Don't forget to set source IP if your FGT is on remote site (VPN)

 

config log fortianalyzer setting     set enc-algorithm disable

    set source-ip LAN-IP

end

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Jirka1

Hi Baptiste,

Unfortunately, I tried it all without success. FGT is not on the remote side so I set scr-add as a WAN address and disable encryption. I rebooted and it worked for 5 days. Today again the same mistake...

 

Is there any way to diagnose what's wrong?

 

Thanks

 

Jirka

emnoc
Esteemed Contributor III

Yes disable  ENC it's not supported going forward ( FAZ 5.4.2+ )  . Also running diag sniffer packet any "host <insert  address of FAZ>" and see what's happening will give you an ideal.

 

Just generate a traffic event/system event and monitor for traffic to FAZ device or use the "diag log   test " and watch for a log event.

 

You can run "diag debug application   miglogd -1" and look for the faz message also an alternative

 

http://socpuppet.blogspot...cloud-issues-52ga.html

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Jirka1
Contributor III

ok, in the Release Notes for FortiOS 5.4.5 is: BUG ID: 421062 FortiGate 60E stopped sending logs to FortiAnalyzer when reliable enabled.

 

Now I've updated FGT60E to FortiOS 5.4.5, so let's see..

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors