Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Paul_S
Contributor

FGT60E 5.4.1 not showing forward traffic logs and forticloud issue

using standalone FG60E v5.4.1, logging to memory and forticloud (if I can get it working).

 

forward traffic logs are blank. I tried UTM events, all session and web profile "log-all-urls". log still blank.

 

also the forticloud test account button does not work and the account box is blank, but cannot be changed.

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
1 Solution
Justfly
New Contributor II

Hi,

I had the same problem.

Use the following commands to show allowed traffic in memory log.

 

config log memory filter set severity information end

 

Regards,

Justfly

 

View solution in original post

18 REPLIES 18
Justfly
New Contributor II

Hi,

I had the same problem.

Use the following commands to show allowed traffic in memory log.

 

config log memory filter set severity information end

 

Regards,

Justfly

 

jeskudero
New Contributor II

Hello

 

I dont know if this post is closed but i put my doubt here.

 

I have similar issue than the others. I can´t see the forward traffic that is going trouhgt the fortigate (60E) in the GUI, but i have configured the syslogd to send the logs to an ELK server and i can see them getting rigth.

Here some information about the config:

 

FGT60E (global) # config log syslogd setting FGT60E (setting) # get status              : enable server              : 192.168.X.X reliable            : disable port                : 5514 csv                 : disable facility            : local7 source-ip           :

 

FGT60E (global) # config log syslogd filter FGT60E (filter) # get severity            : information forward-traffic     : enable local-traffic       : enable multicast-traffic   : enable sniffer-traffic     : enable anomaly             : enable voip                : enable filter              : filter-type         : include

The only thing i see is DNS message errors. like in this other post (https://forum.fortinet.com/tm.aspx?m=157361&high=forward+traffic+log)

 

boneyard
Valued Contributor

@jeskudero see the post above you, what are the settings for the memory logging?

jeskudero
New Contributor II

I dont have those settings. I have this one:

 

FGT60E (global) # config log memory global-setting

FGT60E (global-setting) # get max-size            : 65536 full-first-warning-threshold: 75 full-second-warning-threshold: 90 full-final-warning-threshold: 95

I have vdom-admin enable, it could be the reason?

Thanks

boneyard
Valued Contributor

it could be, but then you have those other settings in the vdom (i.e. root) settings, did you check there?

jeskudero
New Contributor II

Yes, thats the thing

I cuold change the "config log memory filter" in the target vdom and now it works

 

Thanks

NapaCab

The D & E models that do not have local storage, have logging limitations.  Unfortunately Fortinet doesn't seem to document this, but ran into this doing a POC on a FG200E and couldn't for the life of me figure out why logging wasn't working, and then remembered that it had no local storage, only option was logging to memory (or off-box).  Swapped it for a FG201E and the on-box logging all worked as expected. It would be great if Fortinet would write a blurb about this in their docs and save people a lot of wasted time trying to get logging functionality to work on their D and E series boxes that do not have local storage. 

 

You can confirm whether or not your FG has local storage or not by looking at the Product Matrix:  https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf

 

Notice the 30E, 50E, 60D and 60E all lack local storage (the 51E has 32GB and the 61E have 128GB):

 

Model               FG/FWF-30E      FG/FWF-50E      FG-60D      FG/FWF-60E

Local Storage     —                    32 GB (51E)      —              128 GB (61E)

mhdganji

I did all these ..on my 200E

And destination is set to memory but  nothing and nothing ..

Target vdom.. set to memory : severity information ..

Driving me crazy

 

FG200E000000000 (setting) # get status              : enable diskfull            : overwrite FG200E000000000 (filter) # get severity            : information forward-traffic     : enable local-traffic       : disable multicast-traffic   : enable sniffer-traffic     : enable anomaly             : enable voip                : enable filter              : filter-type         : include FG200E000000000 (gui-display) # get resolve-hosts       : disable resolve-apps        : enable fortiview-unscanned-apps: disable fortiview-local-traffic: disable location            : memory FG200E000000000 (setting) # get resolve-ip          : disable resolve-port        : enable log-user-in-upper   : disable fwpolicy-implicit-log: disable fwpolicy6-implicit-log: disable log-invalid-packet  : disable local-in-allow      : enable local-in-deny-unicast: enable local-in-deny-broadcast: enable local-out           : enable neighbor-event      : disable brief-traffic-format: disable user-anonymize      : disable

 

M. Ganji, Network & Security Expert.
M. Ganji, Network & Security Expert.
mhdganji

I changed the max-size, gave a reboot and finally worked .. Pfffffff

 

 

M. Ganji, Network & Security Expert.
M. Ganji, Network & Security Expert.
Labels
Top Kudoed Authors