I did the FortiGate 100D upgrade from 5.4.4 to 5.6.0 and since then I have noticed that my FAZ can no longer process my FGT log files.
I checked the log files on the FAZ and they are present (i.e. 34 MB), but in the traffic log it returns "no entry found".
I also checked on my FGT100D if there is log traffic and yes there is. Do you think the FAZ (5.4) is not ready to process 5.6.0 log files or it's a bug on my side?
Does anyone else encounter the same problem?
FortiOS 5.6 can work only with FAZ 5.6 - http://docs.fortinet.com/d/fortianalyzer-compatibility
So you must wait for the FAZ 5.6 release.
Or subscribe to the ongoing FAZ 5.6 Beta Session.
But how much time usually goes by before the FAZ compatible version is released?
How about sending syslogs from FGT 5.6 to FAZ to have some logs? Not sure how good or bad FAZ is with syslog filtering, but at least it would help to have the central logging requirement fulfilled.
When I sent syslog from FortiGate 5.4x to FortiAnalyzer, the FortiAnalyzer recognized it as a FortiGate, so the result was the same as when logging is set under config log fortianalyzer settings.
Probably the FortiOS 5.6.0 will not have the same behaviour with logging to FAZ 5.4.x.
I just did a test with a FGT VM64 configuring a FMG 5.4 for logging and it was interesting to see that I had two unregistered devices showing up.
First a Syslog device was reported, which I added. Then the FGT (reported firmware 5.4) showed up and I also added it.
Not sure what you can do in FAZ with syslog devices, most probably only storage?
Fortinet has the compatibility chart out stating that only FortiAnalyzer 5.6 can process FortiOS 5.6 logs. Not sure when FortiAnalyzer 5.6 is supposed to be released but I would hope soon.