I'm having issues to receive logs from one of the Fortigate pair (the main one FTG01) via TCP TLS. I'm using a filebeat TCP input to receive these logs.
For some reason the FTG01 lose the connection with this input and it doesn't able to connect again, I only be able to receive the logs from the other FTG02, that doesn't lose the connection.
The logs only return after changing the syslog forwarding configuration, e.g. change the destination port to another and return it back.
Anyone had this issue before? Any ideas why it happening? Using TCPDUMP/Netstat , I only be able to see 1 single connection to my VM (which is the FTG02), I can't see attempts or failed connections.