Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Carl_Wallmark
Valued Contributor

Is this a known issue between FortiOS 5.2.2 and 5.2.0 on the analyzer?

I have a Fortigate running 5.2.2 and a FortiAnalyzer running 5.2.0 (multiple customers have the same issue) and I am unable to view the logs on the firewall when selecting "Display logs from: FortiAnalyzer".

 

The logs are sent correctly to the analyzer and we can view the logs from the analyzer but all logs are emtpy on the firewall itself.

 

Is this a known issue ?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
2 Solutions
scao_FTNT
Staff
Staff

can you check on FAZ if any crash? " diagnose debug crashlog read"

 

on FAZ 5.2.0 0618, there may have oftpd crash when view log from FGT and this issue is fixed for next patch release

 

Thanks

 

Simon

View solution in original post

neonbit
Valued Contributor

I've got the same issue and the TAC said it was a known bug that would be fixed.

 

Thanks for identifying the exact problem Simon. I ran the command and can see that my oftpd is crashing. Always nice to know why it's not working, and that there's a patch on the way for it :)

 

FAZVM64 # diagnose debug crashlog read
2014-10-06 16:08:26 <00392> firmware FAZVM64-5.2-build0618-140826 [VM]
2014-10-06 16:08:26 <00392> application oftpd
2014-10-06 16:08:26 <00392> *** signal 11 (Segmentation fault) received ***
2014-10-06 16:08:26 <00392> Register dump:
2014-10-06 16:08:26 <00392> RAX: 00007fa6372f2d18 RBX: 00007fa6372f2cd8
2014-10-06 16:08:26 <00392> RCX: 0000000000000000 RDX: 000000000219d8b0
2014-10-06 16:08:26 <00392> R8: 00007fa6372f2cd8 R9: 00000000000009b1
2014-10-06 16:08:26 <00392> R10: 0000000000000000 R11: 00007fa6325fc200
2014-10-06 16:08:26 <00392> R12: 00007fa6372f2ca0 R13: 000000000219d880
2014-10-06 16:08:26 <00392> R14: 00000000023fc971 R15: 0000000000001200
2014-10-06 16:08:26 <00392> RSI: 0000000000000001 RDI: 00007fa6372f2cd8
2014-10-06 16:08:26 <00392> RBP: 0000000041050df0 RSP: 0000000041050dd0
2014-10-06 16:08:26 <00392> RIP: 00007fa63787b2c6 EFLAGS: 0000000000010246
2014-10-06 16:08:26 <00392> CS: 0033 FS: 0000 GS: 0000
2014-10-06 16:08:26 <00392> Trap: 000000000000000e Error: 0000000000000006
2014-10-06 16:08:26 <00392> OldMask: 0000000000000000
2014-10-06 16:08:26 <00392> CR2: 0000000000000000
2014-10-06 16:08:26 <00392> Backtrace:
2014-10-06 16:08:26 <00392> [0x7fa63787b2c6] => ../../../lib/libfazcore_sysbase.
2014-10-06 16:08:26 <00392> [0x7fa6371ea9f6] => ../../../lib/libflgsqlutils.so (
2014-10-06 16:08:26 <00392> [0x7fa6371d9070] => ../../../lib/libflgsqlutils.so
2014-10-06 16:08:26 <00392> [0x7fa6371da015] => ../../../lib/libflgsqlutils.so
2014-10-06 16:08:26 <00392> [0x7fa6371dcca7] => ../../../lib/libflgsqlutils.so (
2014-10-06 16:08:26 <00392> [0x00414ce9] => /bin/oftpd
2014-10-06 16:08:26 <00392> [0x00415395] => /bin/oftpd
2014-10-06 16:08:26 <00392> [0x0040de99] => /bin/oftpd
2014-10-06 16:08:26 <00392> [0x0041c7b5] => /bin/oftpd
2014-10-06 16:08:26 <00392> [0x7fa6325fa20a] => ../../../lib/libpthread.so.0
2014-10-06 16:08:26

View solution in original post

7 REPLIES 7
netmin
Contributor II

We have no problems viewing the FAZ (5.2.0) logs from FGT (5.2.2) over a non-IPSec connection. Maybe it is related to FAZ over IPSec but only the FGT 5.2.0 release notes mention issues with FAZ/IPSec and Fortigates (214372).

scao_FTNT
Staff
Staff

can you check on FAZ if any crash? " diagnose debug crashlog read"

 

on FAZ 5.2.0 0618, there may have oftpd crash when view log from FGT and this issue is fixed for next patch release

 

Thanks

 

Simon

neonbit
Valued Contributor

I've got the same issue and the TAC said it was a known bug that would be fixed.

 

Thanks for identifying the exact problem Simon. I ran the command and can see that my oftpd is crashing. Always nice to know why it's not working, and that there's a patch on the way for it :)

 

FAZVM64 # diagnose debug crashlog read
2014-10-06 16:08:26 <00392> firmware FAZVM64-5.2-build0618-140826 [VM]
2014-10-06 16:08:26 <00392> application oftpd
2014-10-06 16:08:26 <00392> *** signal 11 (Segmentation fault) received ***
2014-10-06 16:08:26 <00392> Register dump:
2014-10-06 16:08:26 <00392> RAX: 00007fa6372f2d18 RBX: 00007fa6372f2cd8
2014-10-06 16:08:26 <00392> RCX: 0000000000000000 RDX: 000000000219d8b0
2014-10-06 16:08:26 <00392> R8: 00007fa6372f2cd8 R9: 00000000000009b1
2014-10-06 16:08:26 <00392> R10: 0000000000000000 R11: 00007fa6325fc200
2014-10-06 16:08:26 <00392> R12: 00007fa6372f2ca0 R13: 000000000219d880
2014-10-06 16:08:26 <00392> R14: 00000000023fc971 R15: 0000000000001200
2014-10-06 16:08:26 <00392> RSI: 0000000000000001 RDI: 00007fa6372f2cd8
2014-10-06 16:08:26 <00392> RBP: 0000000041050df0 RSP: 0000000041050dd0
2014-10-06 16:08:26 <00392> RIP: 00007fa63787b2c6 EFLAGS: 0000000000010246
2014-10-06 16:08:26 <00392> CS: 0033 FS: 0000 GS: 0000
2014-10-06 16:08:26 <00392> Trap: 000000000000000e Error: 0000000000000006
2014-10-06 16:08:26 <00392> OldMask: 0000000000000000
2014-10-06 16:08:26 <00392> CR2: 0000000000000000
2014-10-06 16:08:26 <00392> Backtrace:
2014-10-06 16:08:26 <00392> [0x7fa63787b2c6] => ../../../lib/libfazcore_sysbase.
2014-10-06 16:08:26 <00392> [0x7fa6371ea9f6] => ../../../lib/libflgsqlutils.so (
2014-10-06 16:08:26 <00392> [0x7fa6371d9070] => ../../../lib/libflgsqlutils.so
2014-10-06 16:08:26 <00392> [0x7fa6371da015] => ../../../lib/libflgsqlutils.so
2014-10-06 16:08:26 <00392> [0x7fa6371dcca7] => ../../../lib/libflgsqlutils.so (
2014-10-06 16:08:26 <00392> [0x00414ce9] => /bin/oftpd
2014-10-06 16:08:26 <00392> [0x00415395] => /bin/oftpd
2014-10-06 16:08:26 <00392> [0x0040de99] => /bin/oftpd
2014-10-06 16:08:26 <00392> [0x0041c7b5] => /bin/oftpd
2014-10-06 16:08:26 <00392> [0x7fa6325fa20a] => ../../../lib/libpthread.so.0
2014-10-06 16:08:26

Carl_Wallmark
Valued Contributor

Thanks!

 

We have the same issue, do we have a ETA on the next patch for FAZ ?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
neonbit
Valued Contributor

FAZ 5.2.1 has been released. I've just tested it and it's all working great now!

scao_FTNT
Staff
Staff

Hi, neonbit, many thanks for the update

 

Simon

Carl_Wallmark

scao_FTNT wrote:

Hi, neonbit, many thanks for the update

 

Simon

I can also confirm it´s working now with 5.2.1 ! Thanks!

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Labels
Top Kudoed Authors