FortiAnalyzer cannot process log files from FGT on Firmware 5.6
Hello,
I upgraded my FortiGate 100D from 5.4.4 to 5.6.0, and since then I have noticed that my FAZ can no longer process my FGT log files.
I checked the log files on the FAZ and they are present (i.e. 34 MB), but the traffic log returns "no entry found".
I also checked on my FGT100D whether there is log traffic, and yes, there is. Do you think the FAZ (5.4) is not ready to process 5.6.0 log files, or is it a bug on my side?
Does anyone else encounter the same problem?
Regards,
Hello,
FortiOS 5.6 can work only with FAZ 5.6: http://docs.fortinet.com/d/fortianalyzer-compatibility
So you must wait for the FAZ 5.6 release.
Or subscribe to the ongoing FAZ 5.6 Beta Session
But how much time usually goes by before a compatible FAZ version is released?
2nd>
How about sending syslogs from FGT 5.6 to FAZ to have some logs? Not sure how good or bad FAZ is with syslog filtering, but at least it would help to have the central logging requirement fulfilled.
Hi,
When I sent a syslog from FortiGate 5.4x to FortiAnalyzer, the FortiAnalyzer recognized it as a FortiGate, so the result was the same as setting logging under config log fortianalyzer settings.
FortiOS 5.6.0 will probably not have the same behaviour when logging to FAZ 5.4.x.
AtiT
I just did a test with a FGT VM64 configuring a FMG 5.4 for logging and it was interesting to see that I had two unregistered devices showing up.
First a Syslog device was reported, which I added. Then the FGT (reported firmware 5.4) showed up, which I also added.
Not sure what you can do in FAZ with syslog devices, most probably only storage?
Apr 10, 13:47:29 Device FortiGate-VM64 add succeeded
Apr 10, 13:47:00 Device FortiGate-VM64 add succeeded
Apr 10, 13:36:48 Device SYSLOG-C0A8C238 add succeeded
Apr 10, 13:36:16 Device SYSLOG-C0A8C238 add succeeded
Fortinet has the compatibility chart out stating that only FortiAnalyzer 5.6 can process FortiOS 5.6 logs. Not sure when FortiAnalyzer 5.6 is supposed to be released, but I would hope soon.
