Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ganesh_karale
New Contributor III

Created on ‎05-23-2024 01:07 AM

Fortigate not showing any logs for HA

Fortigate not showing any logs in Events >> HA Events.

Checked the same in FAZ and there also it is not showing any log for HA.

Both device are showing status Synchronized in HA section.

Trying to check ha history "diagnose sys ha history " but that is also not showing any output.

Please guide.. 

 

Labels:
994
0 Kudos
1 Solution
fricci_FTNT
Staff
Staff
In response to ganesh_karale

Created on ‎05-24-2024 12:48 AM Edited on ‎05-24-2024 12:53 AM

Hi @ganesh_karale ,

 

Thank you for your time on this so far.
The HA events severity seems stuck at warning level even if it is set to information. This is weird behaviour and I also find strange the below fact, 0 logs but there is actually a log:

FGT02 # execute log display
0 logs found.
0 logs returned.date=2024-05-23 time=13:32:55 eventtime=1716451375542942810 tz="+0530" logid="0108037898" ...


Have you tried to change the severity, save it, then change it back?
config log memory filter
set severity warning

end

config log fortianalyzer filter
set severity warning

end

 

then change it back to information.

 

If that does not work, try to failover and see if the issue is still there. I would then suggest you to open a ticket with our support so this can be properly investigated.

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.

View solution in original post

716
12 REPLIES 12
fricci_FTNT
Staff
Staff
In response to ganesh_karale

Created on ‎05-24-2024 06:42 AM

Excellent news, I'm glad I could help!

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
189
Debbie_FTNT
Staff
Staff

Created on ‎05-23-2024 07:15 AM

Hey Ganesh,

this maybe a stupid thing to check, but:

Your FortiGates are 100E models, with no disk, correct?

Can you check your logging configuration?

#show full log memory filter

#show full log fortianalyzer filter

-> by default, logging to memory (on devices with no disk) is set to severity warning, and the HA logs are below that threshold, so they would not be saved locally on FortiGate. They should still be sent to FortiAnalyzer with default filter settings, but we don't know your configuration.

 

Cheers,

Deborah

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
362
0 Kudos
ganesh_karale
New Contributor III
In response to Debbie_FTNT

Created on ‎05-23-2024 11:57 AM

Dear Deborah,

 

Yes log hard disk is not available. But in system events apart from HA events all other events are available.

In FAZ also the same situation

Please find below command details and snap for your reference.

===============================

config log memory filter
set severity information
set forward-traffic enable
set local-traffic disable
set multicast-traffic enable
set sniffer-traffic enable
set ztna-traffic enable
set anomaly enable
set voip enable
end

===============================

config log fortianalyzer filter
set severity information
set forward-traffic enable
set local-traffic enable
set multicast-traffic enable
set sniffer-traffic enable
set ztna-traffic enable
set anomaly enable
set voip enable
set dlp-archive enable
end

===============================

 

system events.jpgwifi events.jpgfortiswitch events.jpg

317
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.