Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jcharlery
New Contributor

Created on ‎04-10-2017 10:49 AM

FortiAnalyzer cannot process log files from FGT on Firmware 5.6

Hello,

 

I did the Fortigate 100D upgrade from 5.4.4 to 5.6.0 and since I noticed that my FAZ cannot process no more my FGT log files.

I checked the log files on the FAZ and they are present ( ie 34mb) but in traffic log it returns "no entry found".

I also checked on my FGT100D if there is log traffic and yes there is. Do you think the FAZ (5.4) is not ready to process 5.6.0 log files or it's a bug from my side ?

 

Does anyone else encounter the same problem?

 

regards,

Labels:
7838
0 Kudos
6 REPLIES 6
Jirka1
Contributor III

Created on ‎04-10-2017 03:28 PM

Hello,

 

FortiOS 5.6 can work only with FAZ 5.6  - http://docs.fortinet.com/d/fortianalyzer-compatibility  So you must wait to FAZ 5.6 release.

2923
0 Kudos
Alby23
Contributor II
In response to Jirka1

Created on ‎04-10-2017 11:40 PM

Or subscribe to the ognoing FAZ 5.6 Beta Session

2930
0 Kudos
ted_barker
New Contributor
In response to Alby23

Created on ‎04-11-2017 12:25 AM

But how much time does usually go by before FAZ compatible version is released?

 

2nd>

How about sending syslogs from FGT 5.6 to FAZ to have some logs? Not sure how good or bad FAZ is with syslog filtering, at least would help to have central logging requirement fullfilled.

2923
0 Kudos
AtiT
Valued Contributor
In response to ted_barker

Created on ‎04-11-2017 12:30 AM

Hi,

When I sent a syslog from FortiGate 5.4x syslog to FortiAnalyzer the FortiAnalyzer recognized it as FortiGate so the results was the same as set to logging under config log fortianalyzer settings.

Probably the FortiOS 5.6.0 will not have the same behaviour with logging to FAZ 5.4.x.

AtiT

AtiT
2930
0 Kudos
ted_barker
New Contributor
In response to AtiT

Created on ‎04-11-2017 01:40 AM

I just did a test with a FGT VM64 configuring a FMG 5.4 for logging and it was interesting to see that I had two unregistered devices showing up.

 

First a Syslog device reported, which I added. Then the FGT (reported firmware 5.4) showed up and I also added.

 

Not sure what you can do in FAZ with syslog devices, most probably only storage?

 

Apr 10, 13:47:29Device FortiGate-VM64 add succeededApr 10, 13:47:00Device FortiGate-VM64 add succeededApr 10, 13:36:48Device SYSLOG-C0A8C238 add succeededApr 10, 13:36:16Device SYSLOG-C0A8C238 add succeeded
2930
0 Kudos
jpalmer99
New Contributor II

Created on ‎04-19-2017 12:45 PM

Fortinet has the compatibility chart out stating that only Fortianalyzer 5.6 can process FortiOS 5.6 logs.  Not sure when Fortianalyzer 5.6 is supposed to be released but I would hope soon.

2930
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.