FM 5.0.10 / FortiOS 5.0.10: Pollicy push fails due to realtime log upload setting.

rsmayer · ‎02-08-2015

Fortigate is currently set to upload logs to fortianalyzer in realtime:

md-fg-01 (global) # config log fortianalyzer setting md-fg-01 (setting) # show config log fortianalyzer setting set status enable set server 135.22.72.15 set upload-option realtime end

However FortiManager does not recognize this fact and always tries to set the upload-option to realtime and then fails to recognize that it's set. Here a push log:

------- Start to retry -------- md-fg-01 $ config global md-fg-01 (global) $ config log fortianalyzer setting md-fg-01 (setting) $ set upload-option realtime md-fg-01 (setting) $ end md-fg-01 (global) $ end ---> generating verification report (global: log fortianalyzer setting:upload-option) remote original: to be installed: realtime <--- done generating verification report install failed

[ul]

I have Retrieved the config to make sure FM is in sync. Subsequent pushes still fail.

I have tried turning off realtime upload in FM and pushing (that works. Then turning realtime back on and pushing again - that fails.[/ul]

Any suggestions.?

Rich Mayer

LGS Innovations

Rich Mayer LGS Innovations

scao_FTNT · ‎02-08-2015

Hi, Rich Mayer, what is the FGT model? this config default value is related to FGT hard disk availability and seems FMG did not correctly recognize this.

Thanks

Simon

rsmayer · ‎02-08-2015

Simon asked, "Hi, Rich Mayer, what is the FGT model?"

The Fortigate is a 200b.

Rich Mayer LGS Innovations

scao_FTNT · ‎02-09-2015

Hi, Rich, can you help provide below info on your FGT?

get system status

get log fortianalyzer setting

sh log fortianalyzer setting

Thanks

Simon

rsmayer · ‎02-09-2015

Simon,

Thanks for your interest... Here is the data you requested:

md-fg-01 (global) # get system status

Version: FortiGate-200B v5.0,build0305,141216 (GA Patch 10)

Virus-DB: 23.00790(2015-02-08 18:07)

Extended DB: 1.00000(2012-10-17 15:46)

IPS-DB: 5.00609(2015-02-06 03:05)

IPS-ETDB: 0.00000(2001-01-01 00:00)

Serial-Number: FG200B3910602868

Botnet DB: 2.00064(2015-02-05 10:30)

BIOS version: 04000007

Log hard disk: Available

Internal Switch mode: interface

Hostname: md-fg-01

Operation Mode: NAT

Current virtual domain: root

Max number of virtual domains: 10

Virtual domains status: 3 in NAT mode, 2 in TP mode

Virtual domain configuration: enable

FIPS-CC mode: disable

Current HA mode: standalone

Branch point: 305

Release Version Information: GA Patch 10

System time: Mon Feb 9 15:47:01 2015

md-fg-01 (global) # get log fortianalyzer setting

status : enable

ips-archive : enable

server : x.x.x.x

enc-algorithm : default

localid :

conn-timeout : 10

monitor-keepalive-period: 5

monitor-failure-retry-period: 5

source-ip : 0.0.0.0

upload-option : realtime

reliable : disable

md-fg-01 (global) # sh log fortianalyzer setting

config log fortianalyzer setting

set status enable

set server x.x.x.x

set upload-option realtime end

md-fg-01 (global) #

Rich Mayer LGS Innovations

scao_FTNT · ‎02-09-2015

thanks for the update, I will double check this in the lab

I saw FGT shows the config correctly, but not sure why FMG report verify fail (FMG will retrieve FGT config after install and compare with local db config)

(global: log fortianalyzer setting:upload-option) remote original: to be installed: realtime

Thanks

Simon

scao_FTNT · ‎02-09-2015

I did a quick test using FMG400B 5.0.10 365 + FGTVM 5.0.10 305 (with disk) and install is OK, so need to use FGT200B for a check

Thanks

Simon

1st time change from store and upload to real-time logging

Starting log (Run on device)


Start installing
v4 $  config log fortianalyzer setting
v4 (setting) $  set upload-option realtime
v4 (setting) $  set reliable enable
v4 (setting) $  end


---> generating verification report
<--- done generating verification report


install finished

2nd time change back to store and upload

Starting log (Run on device)


Start installing
v4 $  config log fortianalyzer setting
v4 (setting) $  unset upload-option
v4 (setting) $  set upload-time "02:59"
v4 (setting) $  end


---> generating verification report
<--- done generating verification report


install finished

rsmayer · ‎02-09-2015

Many thanks for your assistance. I am out of the office tomorrow, but let know if I can help in any way.

Rich Mayer LGS Innovations

scao_FTNT · ‎02-10-2015

Hi, Rich,

We did not yet reproduce this issue in lab even using FGT200B 5.0.10,

can you help provide below info

1. get mgmt-data status

2. if do manual backup from FGT, and in that backup file, can you see "set upload-option realtime " as show command?

Thanks

Simon

rsmayer · ‎02-10-2015

As requested...

md-fg-01 (global) # get mgmt-data status

mgmt-data.status.version: 1.1

Model name: FortiGate-200B

CPU: 1

RAM: 1005 MB (tr=1054171136/th=268435456/mu=1)

get_log_disk_info: 1

is_ssd_available: 1

is_logdisk_mounted: 1

is_support_log_on_boot_device: 1

is_rev_support_wanopt: 1

fds_get_platform: 200B

local_cert_exists(Fortinet_Factory): 1

local_cert_exists(Fortinet_Factory2): 1

disk_factory_platform_has_user_disk: N/A

check_logdisk_exist: 1

md-fg-01 (global) #

The following is cut from a manual configuration backup:

config log fortianalyzer setting set status enable set server 135.22.72.15 set enc-algorithm disable set upload-option realtime end

Rich Mayer LGS Innovations

FM 5.0.10 / FortiOS 5.0.10: Pollicy push fails due to realtime log upload setting.

Nominate a Forum Post for Knowledge Article Creation