Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JakubP
New Contributor

Created on ‎04-05-2016 05:28 AM

FortiAnalyzer missing data in FortiView -> Log View Content

Hi all,

I have FortiAnalyzer-200D fw.5.2.6 (last) and many Fortigate's (30B/D, 50B, 60B/D, 80C, 100A) that's reports to FortiAnal.

Everything is works fine, but from FG60D and FG30D with fw 5.2.X I don't see Content log in FortiView in FA.

I see items Traffic log, I see logs in Security -> Web Filter or in DLP but Content is empty for this FG30D/60D.

 

Logs from older boxes with old fw 4.XX I can see in Fortiview in Content in.

 

what I did wrong ?

 

 Mainly I want logging and see email headers and users visited web sites.

 

Labels:
8155
0 Kudos
3 REPLIES 3
awasfi_FTNT
Staff
Staff

Created on ‎04-05-2016 11:37 PM

Hi,

 

May be you are adding the devices to the wrong ADOM version.

If you have FortiGate devices running different firmware versions then you will need to enable ADOM on FortiAnalyzer from GUI "System Settings >> Dashboard >> System Information >> Administrative Domain >> Enable".

Once enabled re-login then you should have "All ADOMs" available under System Settings.

Go to "All ADOMs" and check the devices added to which ADOM version (Under Type).

If for example v5.2 FortiGates added to v5.0 root ADOM which is the default ADOM then create a new ADOM and select the correct firmware version and move v5.2 device to it.

 

When moving devices from ADOM to another you need to rebuild the database:

# execute sql-local rebuild-db

However since FortiAnalyzer running v5.2.6 then you can use the new command:

#execute sql-local rebuild-adom <adom_name>

This command will rebuild the database for this ADOM only instead of the whole device which may takes up to few hours depends on how big is the database.

Note that while rebuilding the database device will keep receiving logs, however you will not be able to view logs or run reports till finish rebuilding.

 

Regards,

2357
0 Kudos
JakubP
New Contributor
In response to awasfi_FTNT

Created on ‎04-06-2016 12:00 AM

   

Thanks for your answer,

this is like AllDOMS look like

ALL Fortigates were under FG 5.0 type

I create new group and moved one FG to new group - for testing

But I have no problem with receiving log from fortigate at all, I only don't see content log from machines with fw 5.2.x

 

 

Preview file
161 KB
2357
0 Kudos
awasfi_FTNT
Staff
Staff
In response to awasfi_FTNT

Created on ‎04-10-2016 05:31 AM

Hi,

 

If you are running v5.2.0 to v5.2.3 on FortiGates then upgrade through supported upgrade path as I remember there is a bug viewing FortiAnalyzer logs on FortiGates which has been fixed on v5.2.4.

 

Regards

2357
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.