Previgarb
New Contributor

Fortianalyzer | Fortiview is empty


Hi,

I've tried and tried and don't seem to be able to fix this problem I have with FA.

I have a setup with FortiGate 61F + EMS + FortiAnalyzer. All V7.0.3.

Security fabric is enabled with the FG unit as fabric root and all looks OK, but... although in the FA "Log View" I can see the FG logs that have been stored for the last few months, in FortiView most log categories (such as all in Traffic, for example) are empty with a "This chart requires following Log to be enabled: (log name)" message, and the ones that don't show the warning are empty as well.

In the FG unit log settings I have sending logs to FA enabled, status connected, upload realtime... oddly, Storage/Analytics/Archive usage shows "0%". In "Logs Sent to FortiAnalyzer Daily" below, I have ~1GB daily.

I've reviewed everything and I feel lost at this point... What have I missed?

Thanks in advance,

Anonymous
Not applicable

Hello Previgarb,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Fortinet Community Team

seshuganesh
Staff

Hi Team,

Please let us know if you are able to see logs under logs and reports >> forward traffic.

Also, please share the below logs with us for further analysis:

get sys performance status

diag sys top (press ctrl+c after getting three outputs)

diag debug application miglogd -1

diag debug enable

Wait for five mins, once the logs are generated please disable the debug by executing this command "diag debug disable"

Previgarb
New Contributor

Hi,

Thank you for your reply,

I can view the logs when, in "LogLocation", I select either "Disk" or "FG Cloud". If I select "FortiAnalyzer" it comes out empty.

get sys performance status

CPU states: 2% user 0% system 0% nice 98% idle 0% iowait 0% irq 0% softirq
CPU0 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU1 states: 8% user 0% system 0% nice 92% idle 0% iowait 0% irq 0% softirq
CPU2 states: 3% user 0% system 0% nice 97% idle 0% iowait 0% irq 0% softirq
CPU3 states: 3% user 0% system 0% nice 97% idle 0% iowait 0% irq 0% softirq
CPU4 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU5 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU6 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU7 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
Memory: 1964668k total, 1227508k used (62.5%), 444600k free (22.6%), 292560k freeable (14.9%)
Average network usage: 16588 / 16771 kbps in 1 minute, 13724 / 13874 kbps in 10 minutes, 13326 / 13512 kbps in 30 minutes
Average sessions: 2284 sessions in 1 minute, 1806 sessions in 10 minutes, 1803 sessions in 30 minutes
Average session setup rate: 14 sessions per second in last 1 minute, 13 sessions per second in last 10 minutes, 13 sessions per second in last 30 minutes
Average NPU sessions: 279 sessions in last 1 minute, 230 sessions in last 10 minutes, 215 sessions in last 30 minutes
Average nTurbo sessions: 20 sessions in last 1 minute, 18 sessions in last 10 minutes, 18 sessions in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 0 days,  6 hours,  12 minutes

diag sys top

Run Time:  0 days, 6 hours and 13 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 1918T, 426F
            node      174      S       2.4     2.7    1
       ipsengine      300      S <     0.4     3.7    7
       ipsengine      298      S <     0.4     3.7    5
             wad      254      S       0.4     3.1    0
         sslvpnd      260      S       0.4     1.2    2
             wad      250      S       0.4     0.3    0
       ipsengine      299      S <     0.0     3.7    6
             wad      253      S       0.0     3.3    1
             wad      251      S       0.0     3.0    1
             wad      255      S       0.0     2.6    0
       ipshelper      187      S <     0.0     2.4    1
         cmdbsvr      141      S       0.0     2.3    3
       scanunitd      200      S <     0.0     1.9    2
         miglogd      282      S       0.0     1.8    0
         miglogd      193      S       0.0     1.8    1
       extenderd      239      S       0.0     1.5    6
         sslvpnd      195      S       0.0     1.4    6
          fcnacd      191      S       0.0     1.3    6
          cw_acd      229      S       0.0     1.3    3
             csfd      240      S       0.0     1.2    1

diag debug enable

https://pastebin.com/taUBhDDS - Can't paste it here because it exceeds the character limit.

Thanks,

Previgarb


seshuganesh
Staff

Kindly get us the output of these two commands:

diag test application miglogd 20

diag test application miglogd 6

diag debug crashlog read

diag sniffer packet any 'host a.b.c.d' 4 0 a (where a.b.c.d is the FortiAnalyzer IP address). Once you run the sniffer, we will be able to know whether the firewall is sending packets to the FortiAnalyzer or not.

Previgarb

Hi,

Command outputs:

https://pastebin.com/C0CwU55i

Thanks,

Previgarb
New Contributor

bump

pietruchapp
New Contributor

Hello
Has the problem been resolved?
