FortiGate 60D no Logging - all show No entries found.

jjensen · ‎07-23-2015

Hello. I was troubleshooting why our VPN stopped working on a specific subnet (figured that out) when I noticed I couldn't generate any logs. From what I can tell i have logging setup correctly for logging to memory. I've disabled disk logging completely and restarted the forticlient device. We use a FortiGate 60D that is running version v5.0, build 3608 (GA Patch 7)

I followed the instructions from here http://help.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Help/config-logging.138.05....

Ran the diag log test, and did not see the event log generated from Log & Report > Event Log > User.

Let me know if you any more info is needed to assist.

jjensen · ‎07-23-2015

Watching some video's online I noticed that another 60D has memory listed while the one i'm working with doesn't.

This is what I see on a video from video.fortinet.com Same model device. I do not see the check box or Memory listed. I used to have a check box that displayed Disk. I've since disabled that and verified memory logging was enabled.

Dave_Hall · ‎07-23-2015

Maybe from the CLI try:

config log memory setting set status enable end config log gui set log-device memory end

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

jjensen · ‎07-23-2015

Dave Hall wrote:
Maybe from the CLI try:

config log memory setting set status enable end config log gui set log-device memory end

I do not have the ability to do 'config log gui' so i can't do 'set log-device memory'

jjensen · ‎07-23-2015

I believe i may have found the issue. Web Filtering was not enabled from the security features. We only had VPN and Application Control. With Web Filter being turned off that would make it so we wouldn't see any traffic logs correct? In an older fortiOS Handbook I read that logging to memory does not support Traffic Logs due to the how fast it would eat up the memory. If this is true that would also explain why I won't see any Traffic Logs. I'm still not sure why we haven't seen any Event Logs.... that to me looks like it is setup correctly.

YtseJam · ‎07-23-2015

Hi, have you tried to change it to disk instead of memory? My settings was display logs from disk and it works fine. Make sure also to check any from the logging options along with your vpn policy.

You can also try to upgrade your firmware. Then, check again your concerns if still the same. I'm using the latest version 5.3 and so far no issues encountered.

jjensen · ‎07-24-2015

I've not tried logging to disk. The reason for that is due to all the posts I read about it adversely impacting the flash disk. I'll change it to disk logging and see if my issues go away.

milosn · ‎07-24-2015

Hello,

in CLI look for "config log memory filter" or disk there you want to logging. The important option is severity of logged events - "set severity information" will log required information.

Regards,

Milos

jjensen · ‎07-24-2015

When i perform a get command from config log memory filter all the filters are set to enable and the severity is set to information.

jjensen · ‎07-24-2015

I just got off the phone with support and they want me to run the command execute formatlogdisk. They are stating that even though we're using memory to log.. the device still needs to write some stuff to disk. When i run the command get system status.. the Log Hard Disk already shows the status of "Available" which to me means i shouldn't have to run this command. I'll be opening a maintenance window to do this step though.

FortiGate 60D no Logging - all show No entries found.

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website