FortiAnalyzer logs issue

rrahmanov · ‎03-17-2015

Hi, Fortianalyzer (FortiAnalyzer-VM64) has recently become one of the software I'm overseeing and I see its a very powerful tool. THIS happened in the morning. Please, let me know about the ways to resolve this logging issue. Thanks

Dave_Hall · ‎03-17-2015

Well, you have to check the log settings on both devices; edit the device in FortiAnalyzer and confirm the Disk log Quota and Overwrite log settings.

Next log into the Fortigate and confirm the logs are being set to the FortiAnalyzer and method (store/upload or realtime), confirm the device is actually logging something, lastly press the Test Connectivity button.

If the connectivity test fails, treat the problem is a connectivity issue between the two devices and troubleshoot accordingly.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

Dave_Hall · ‎03-17-2015

Screenshot seems "normal". The second device appears to show no logs received in last while. First device shows the disk quota almost full.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

rrahmanov · ‎03-17-2015

Dave, I have never had it stop receiving logs. I'm trying to find the source of this sudden stoppage. Any thoughts on where to start?

Dave Hall wrote:
Screenshot seems "normal". The second device appears to show no logs received in last while. First device shows the disk quota almost full.

Dave_Hall · ‎03-17-2015

Well, you have to check the log settings on both devices; edit the device in FortiAnalyzer and confirm the Disk log Quota and Overwrite log settings.

Next log into the Fortigate and confirm the logs are being set to the FortiAnalyzer and method (store/upload or realtime), confirm the device is actually logging something, lastly press the Test Connectivity button.

If the connectivity test fails, treat the problem is a connectivity issue between the two devices and troubleshoot accordingly.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

rrahmanov · ‎03-18-2015

Thank you for the quick guideline!

Dave Hall wrote:
Well, you have to check the log settings on both devices; edit the device in FortiAnalyzer and confirm the Disk log Quota and Overwrite log settings.

Next log into the Fortigate and confirm the logs are being set to the FortiAnalyzer and method (store/upload or realtime), confirm the device is actually logging something, lastly press the Test Connectivity button.

If the connectivity test fails, treat the problem is a connectivity issue between the two devices and troubleshoot accordingly.

[attachImg]https://forum.fortinet.com/download.axd?file=0;121645&where=message&f=FortAnalyer logging.gif[/attachImg]