FortiAnalyzer - where is the logs?

marconet-22 · ‎01-30-2024

Hi Guys

Scenario:

FortiAnalyzer VM64 (Rel 7.4.1) in private cloud, Fortigate(s) send logs via public IP Address to FortiAnalyzer IP Address.

Public IP Address listened on port TCP/UDP 514

I follow Fortinet doc's. I authorized Fortigate on Fortianalyzer.

Traffic from Fortigate to FortiAnalyzer run correctly (test/sniffer packet etc)

Where is these logs???? :)

Thank you guys

marconet-22 · ‎02-02-2024

Hi

I set filter on Fortiananalyzer log severity notification and I solved the issue

View solution in original post

smkml · ‎01-30-2024

Hello @marconet-22 ,

What is the result when run below command in FGT CLI:

#execute log fortianalyzer test-connectivity

If there is logs sending to FAZ, the Tx & Rx will shows as below:

Log: Tx & Rx (28 logs received since 02:00:18 02/20/18)

You can see the logs in FAZ > Log View > FortiGate

https://community.fortinet.com/t5/FortiAnalyzer/Troubleshooting-Tip-FortiGate-to-FortiAnalyzer-conne...

hbac · ‎01-31-2024

Hi @marconet-22,

Have you checked on the FortiAnalyzer > Log View > FortiGate?

Regards,

marconet-22 · ‎02-02-2024

Hi

I don't find Fortigate in FortiAnalyzer > Log View .

How can I enable it?

Marco

hbac · ‎02-02-2024

@marconet-22,

What is the firmware version of FortiGate? You mentioned that traffic from FortiGate to FortiAnalyzer run correctly, did you packet the traffic on the FortiGate or FortiAnalyzre?

Regards,

marconet-22 · ‎02-02-2024

Hi hbac

Fortigate run 7.4.1

FortiAnalyzer run 7.4.1

Now I have just set reliable: enable via cli and everything works.

Now I need to send only warning logs.

marconet-22 · ‎02-02-2024

Hi

I set filter on Fortiananalyzer log severity notification and I solved the issue