using standalone FG60E v5.4.1, logging to memory and forticloud (if I can get it working).
forward traffic logs are blank. I tried UTM events, all session and web profile "log-all-urls". log still blank.
also the forticloud test account button does not work and the account box is blank, but cannot be changed.
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Solved! Go to Solution.
Hi,
I had the same problem.
Use the following commands to show allowed traffic in memory log.
config log memory filter set severity information end
Regards,
Justfly
Hi,
I had the same problem.
Use the following commands to show allowed traffic in memory log.
config log memory filter set severity information end
Regards,
Justfly
Hello
I dont know if this post is closed but i put my doubt here.
I have similar issue than the others. I can´t see the forward traffic that is going trouhgt the fortigate (60E) in the GUI, but i have configured the syslogd to send the logs to an ELK server and i can see them getting rigth.
Here some information about the config:
FGT60E (global) # config log syslogd setting FGT60E (setting) # get status : enable server : 192.168.X.X reliable : disable port : 5514 csv : disable facility : local7 source-ip :
FGT60E (global) # config log syslogd filter FGT60E (filter) # get severity : information forward-traffic : enable local-traffic : enable multicast-traffic : enable sniffer-traffic : enable anomaly : enable voip : enable filter : filter-type : include
The only thing i see is DNS message errors. like in this other post (https://forum.fortinet.com/tm.aspx?m=157361&high=forward+traffic+log)
@jeskudero see the post above you, what are the settings for the memory logging?
I dont have those settings. I have this one:
FGT60E (global) # config log memory global-setting
FGT60E (global-setting) # get max-size : 65536 full-first-warning-threshold: 75 full-second-warning-threshold: 90 full-final-warning-threshold: 95
I have vdom-admin enable, it could be the reason?
Thanks
it could be, but then you have those other settings in the vdom (i.e. root) settings, did you check there?
Yes, thats the thing
I cuold change the "config log memory filter" in the target vdom and now it works
Thanks
The D & E models that do not have local storage, have logging limitations. Unfortunately Fortinet doesn't seem to document this, but ran into this doing a POC on a FG200E and couldn't for the life of me figure out why logging wasn't working, and then remembered that it had no local storage, only option was logging to memory (or off-box). Swapped it for a FG201E and the on-box logging all worked as expected. It would be great if Fortinet would write a blurb about this in their docs and save people a lot of wasted time trying to get logging functionality to work on their D and E series boxes that do not have local storage.
You can confirm whether or not your FG has local storage or not by looking at the Product Matrix: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf
Notice the 30E, 50E, 60D and 60E all lack local storage (the 51E has 32GB and the 61E have 128GB):
Model FG/FWF-30E FG/FWF-50E FG-60D FG/FWF-60E
Local Storage — 32 GB (51E) — 128 GB (61E)
I did all these ..on my 200E
And destination is set to memory but nothing and nothing ..
Target vdom.. set to memory : severity information ..
Driving me crazy
FG200E000000000 (setting) # get status : enable diskfull : overwrite FG200E000000000 (filter) # get severity : information forward-traffic : enable local-traffic : disable multicast-traffic : enable sniffer-traffic : enable anomaly : enable voip : enable filter : filter-type : include FG200E000000000 (gui-display) # get resolve-hosts : disable resolve-apps : enable fortiview-unscanned-apps: disable fortiview-local-traffic: disable location : memory FG200E000000000 (setting) # get resolve-ip : disable resolve-port : enable log-user-in-upper : disable fwpolicy-implicit-log: disable fwpolicy6-implicit-log: disable log-invalid-packet : disable local-in-allow : enable local-in-deny-unicast: enable local-in-deny-broadcast: enable local-out : enable neighbor-event : disable brief-traffic-format: disable user-anonymize : disable
I changed the max-size, gave a reboot and finally worked .. Pfffffff
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.