Hi,
I've tried and tried and don't seem to be able to fix this problem I have with FA.
I have a setup with Fortigate 61F + EMS + Fortianalyzer. All V7.0.3.
Security fabric is enabled with FG unit as fabric root and all looks ok, but... although in the FA "Log View" I can see the FG logs that have been stored for the last few months, in the FortiView most log categories (such as all in Traffic f. ex.) are empty with a "This chart requires following Log to be enabled: (log name)", and the ones that don't show the warning are empty as well.
In the FG unit log settings I have sending logs to FA enabled, status connected, upload realtime... oddly Storage/Analytics/Archive usage show "0%". In "Logs Sent to FortiAnalyzer Daily" below, I have ~1GB daily.
I've reviewed everything and I feel lost at this point... What have I missed?
Thanks in advance,
Created on 05-08-2022 08:58 PM
Hello Previgarb,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Fortinet Community Team
Hi Team,
Please let us know if you are able to see logs under logs and reports >> forward traffic.
Also, please share with us the below logs for further analysis:
get sys performance status
diag sys top (press ctrl+c after getting three outputs)
diag debug application miglogd -1
diag debug enable
Wait for five mins. Once the logs are generated, please disable the debug by executing this command: "diag debug disable"
Hi,
Thank you for your reply,
I can view the logs when, in "LogLocation" I select either "Disk" or "FG Cloud". If I select "FortiAnalyzer" it comes out empty.
get sys performance status
CPU states: 2% user 0% system 0% nice 98% idle 0% iowait 0% irq 0% softirq
CPU0 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU1 states: 8% user 0% system 0% nice 92% idle 0% iowait 0% irq 0% softirq
CPU2 states: 3% user 0% system 0% nice 97% idle 0% iowait 0% irq 0% softirq
CPU3 states: 3% user 0% system 0% nice 97% idle 0% iowait 0% irq 0% softirq
CPU4 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU5 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU6 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU7 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
Memory: 1964668k total, 1227508k used (62.5%), 444600k free (22.6%), 292560k freeable (14.9%)
Average network usage: 16588 / 16771 kbps in 1 minute, 13724 / 13874 kbps in 10 minutes, 13326 / 13512 kbps in 30 minutes
Average sessions: 2284 sessions in 1 minute, 1806 sessions in 10 minutes, 1803 sessions in 30 minutes
Average session setup rate: 14 sessions per second in last 1 minute, 13 sessions per second in last 10 minutes, 13 sessions per second in last 30 minutes
Average NPU sessions: 279 sessions in last 1 minute, 230 sessions in last 10 minutes, 215 sessions in last 30 minutes
Average nTurbo sessions: 20 sessions in last 1 minute, 18 sessions in last 10 minutes, 18 sessions in last 30 minutes
Virus caught: 0 total in 1 minute
IPS attacks blocked: 0 total in 1 minute
Uptime: 0 days, 6 hours, 12 minutes
diag sys top
Run Time: 0 days, 6 hours and 13 minutes
0U, 0N, 0S, 100I, 0WA, 0HI, 0SI, 0ST; 1918T, 426F
node 174 S 2.4 2.7 1
ipsengine 300 S < 0.4 3.7 7
ipsengine 298 S < 0.4 3.7 5
wad 254 S 0.4 3.1 0
sslvpnd 260 S 0.4 1.2 2
wad 250 S 0.4 0.3 0
ipsengine 299 S < 0.0 3.7 6
wad 253 S 0.0 3.3 1
wad 251 S 0.0 3.0 1
wad 255 S 0.0 2.6 0
ipshelper 187 S < 0.0 2.4 1
cmdbsvr 141 S 0.0 2.3 3
scanunitd 200 S < 0.0 1.9 2
miglogd 282 S 0.0 1.8 0
miglogd 193 S 0.0 1.8 1
extenderd 239 S 0.0 1.5 6
sslvpnd 195 S 0.0 1.4 6
fcnacd 191 S 0.0 1.3 6
cw_acd 229 S 0.0 1.3 3
csfd 240 S 0.0 1.2 1
diag debug enable
https://pastebin.com/taUBhDDS - Can't paste it here because it exceeds character limit.
Thanks,
Kindly get us the output of these two commands:
diag test application miglogd 20
diag test application miglogd 6
diag debug crashlog read
diag sniffer packet any 'host a.b.c.d' 4 0 a (where a.b.c.d is the FortiAnalyzer IP address). Once you run the sniffer, we will be able to know whether the firewall is sending packets to the FortiAnalyzer or not.
bump
Hello
Has the problem been resolved?