Hi Experts,
I am new to this community and would like to ask for help and advice from all the experts out there.
Has anyone here already encountered an unexpected power-off and when you check the event logs it the power-off shows 15 minutes late. I have a Firewall that suddenly went down at 2:15 PM then went UP again at 2:30 PM. When I check the event logs it shows that the Fortigate had experienced an unexpected power off at 2:30 PM which is 15 minutes late.
Best Regards,
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
It's probably because unlike a reboot when the FGT lost power it couldn't record anything by software like a time stamp because power was lost. Then when it came backup it gathered information from hardware as much as possible for what might have happened. But for the reason above the time stamp was not the part of info it was able to gather.
If it's in a-p HA, you can know when an a-p swap happens as the result of the down primary. But if it's a stand-alone and if you or someone was not there to experience the down in person, you wouldn't be able to tell exactly when it went down only based on the device's event log.
Toshi
I forgot to add, I would like to know why the log is showing late 15 minutes late,
It's probably because unlike a reboot when the FGT lost power it couldn't record anything by software like a time stamp because power was lost. Then when it came backup it gathered information from hardware as much as possible for what might have happened. But for the reason above the time stamp was not the part of info it was able to gather.
If it's in a-p HA, you can know when an a-p swap happens as the result of the down primary. But if it's a stand-alone and if you or someone was not there to experience the down in person, you wouldn't be able to tell exactly when it went down only based on the device's event log.
Toshi
Hi dom,
You may run below command to check the device's uptime to verify if the reboot log is genuine:
#get system performance status
Run below commands as well to possibly get more info:
#diag debug crashlog read
#diag alertconsole list
Hi Btan,
Thank you for the advice I have ran the commands.
#get system performance status - Server uptime shows 1 day 21 hours
#diag debug crashlog read - last crash log was 2021-12-15
#diag alertconsole list - the system start at 2:30 PM which.
I think what Toshi_Esumi advise earlier is right.
Hi Everyone,
I reached out to Fortinet support and was informed the log will be reported once the device is powered on.
They performed a test on their test firewalls. They power cycle their test firewall at 12:24, connected back at 12:27, and the device came back at 12:29, please see the logs sent by support
date=2021-12-24 time=12:29:01 eventtime=1640377738389147660 tz="-0800" logid="0100032009" type="event" subtype="system" level="information" vd="root" logdesc="FortiGate started" msg="Fortigate started"
date=2021-12-24 time=12:29:01 eventtime=1640377664961912960 tz="-0800" logid="0100032200" type="event" subtype="system" level="critical" vd="root" logdesc="Device shutdown" msg="Fortigate had experienced an unexpected power off!"
Thanks for everyone's help.
That's what I tested before posting my original comment. -Toshi
Hi All,
Fortinet support did a test on their firewalls, please see their ticket update below:
Hi Customer, |
Thank you for everyone's help and advice.
Best Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.