I have a FortiGate 200E that is setup to log to the FortiAnalyzer. From time to time, I'll log in to the Analyzer and notice that logging has stopped. Does anyone know how to setup an alert that will notify us that logging has stopped on the FortAnalyzer? I can fix it by logging in to the FortiGate and toggling the logging from real-time to every minute, that seems to get it going again.
Shawn
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Please be advised that in FortiAnalyzer firmware version 6.0, the default configuration has changed to 1440 minutes
FAZ-VM64-Bridged # get system locallog setting log-interval-dev-no-logging: 1440
Therefore, the FortiAnalyzer will wait 24 hours to perform the log check and therefore generate a System Event Log if no logs have been received by the device.
However, it is important to consider that lowering this value and therefore increasing the frequency may hinder device performance.
Hi Shawn,
By default, there will be some system event logs about "Device offline" as below:
2018-02-27 11:30:15 log_id=0029038009 type=event subtype=logdev pri=warning desc="Device offline" user="system" userfrom="system" msg="Device[xxxxxxxxxxxxxx] did not receive any log in last xx minutes."
In root ADOM, you can create an event handler based on this log and enable "Send Alert Email" on it.
Regards,
hz
Agreed and that's what we do. Generate a alert trigger for the device and devid and fire it off.
Ken
PCNSE
NSE
StrongSwan
Please be advised that in FortiAnalyzer firmware version 6.0, the default configuration has changed to 1440 minutes
FAZ-VM64-Bridged # get system locallog setting log-interval-dev-no-logging: 1440
Therefore, the FortiAnalyzer will wait 24 hours to perform the log check and therefore generate a System Event Log if no logs have been received by the device.
However, it is important to consider that lowering this value and therefore increasing the frequency may hinder device performance.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1529 | |
1027 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.