rrahmanov
New Contributor

FortiAnalyzer logs issue

Hi, FortiAnalyzer (FortiAnalyzer-VM64) has recently become one of the software I'm overseeing and I see it's a very powerful tool. THIS happened in the morning. Please let me know about the ways to resolve this logging issue. Thanks

Dave_Hall
Honored Contributor

Screenshot seems "normal". The second device appears to show no logs received in the last while. First device shows the disk quota almost full.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

rrahmanov

Dave, I have never had it stop receiving logs. I'm trying to find the source of this sudden stoppage. Any thoughts on where to start?

Dave Hall wrote:

Screenshot seems "normal". The second device appears to show no logs received in the last while. First device shows the disk quota almost full.

Dave_Hall
Honored Contributor

Well, you have to check the log settings on both devices; edit the device in FortiAnalyzer and confirm the Disk log Quota and Overwrite log settings.

Next log into the FortiGate and confirm the logs are being set to the FortiAnalyzer and method (store/upload or realtime), confirm the device is actually logging something, lastly press the Test Connectivity button.

If the connectivity test fails, treat the problem as a connectivity issue between the two devices and troubleshoot accordingly.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
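
A CLI counterpart to the GUI checks in the answer above, added here as an example and not part of the original post. The address 192.0.2.10 is a placeholder for the FortiAnalyzer IP, and command availability and output vary by FortiOS and FortiAnalyzer release, so the exact set is an assumption to verify on your version.

```fortios
# --- On the FortiGate (FortiOS CLI) ---
# 192.0.2.10 is a placeholder for the FortiAnalyzer address (assumption).

# 1. Is logging to FortiAnalyzer enabled, to which server, and with which
#    upload method (the "store/upload or realtime" choice)?
get log fortianalyzer setting

# 2. Is a log filter suppressing the traffic you expect to see?
get log fortianalyzer filter

# 3. CLI equivalent of the Test Connectivity button.
execute log fortianalyzer test-connectivity

# 4. Generate test log entries so there is something to forward.
diagnose log test

# 5. If step 3 fails: basic reachability, then watch for log traffic
#    leaving the FortiGate (FortiGate-to-FortiAnalyzer logging uses port 514).
execute ping 192.0.2.10
diagnose sniffer packet any 'host 192.0.2.10 and port 514' 4 10

# --- On the FortiAnalyzer ---
# 6. Per-device (or per-ADOM, depending on version) disk usage against quota.
diagnose log device

# 7. Current receive rate; a rate of zero while the FortiGate is sending
#    points at the path or at FortiAnalyzer-side handling.
diagnose fortilogd lograte
```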

rrahmanov

Thank you for the quick guideline!

Dave Hall wrote:

Well, you have to check the log settings on both devices; edit the device in FortiAnalyzer and confirm the Disk log Quota and Overwrite log settings.

Next log into the FortiGate and confirm the logs are being set to the FortiAnalyzer and method (store/upload or realtime), confirm the device is actually logging something, lastly press the Test Connectivity button.

If the connectivity test fails, treat the problem as a connectivity issue between the two devices and troubleshoot accordingly.

Attached image: https://forum.fortinet.com/download.axd?file=0;121645&where=message&f=FortAnalyer logging.gif
