On a freshly configured FG60D using the free FortiCloud subscription limit of 1GB and running 5.2.3 all my Traffic, Event and System Logs show as empty. Logging is configured to use FortiCloud and the FortiCloud website shows up to date log entries for this firewall as expected, but they cannot be viewed from the local Fortigate UI itself (regardless of browser used). The system resources readout through FortiCloud is non functional, reading a static 0% CPU and 58% RAM.
This is the second Fortigate unit on the account that I'm setting up for our test network. The primary unit's logging is configured in the same manner and works correctly in both the local UI and Forticloud.
Any ideas on how to resolve this issue?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Long story short: suspected bug.
Try this workaround in the meantime:
config system global
set gui-lines-per-page 20 //--the default is 50
end
Then go back and refresh the log view.
Regards, Chris McMullan Fortinet Ottawa
Have you configured you Log Settings (found at Log & Report > Log Config > Log Settings) to display logs from FortiCloud in the GUI?
Technical Writer, FortiOS
Let me know if there's anything you want to see added to the FortiGate Cookbook.
Thanks for responding.
vmartin wrote:Have you configured you Log Settings (found at Log & Report > Log Config > Log Settings) to display logs from FortiCloud in the GUI?
Yes I have done this - each log section shows as "log location: Forticloud" with [Total -1] pages.
*EDIT*
Also worth noting that the Logging Volume Monitor shows 459 traffic log records recorded to Forticloud (default) for today so far.
After leaving the configuration untouched overnight it seems to have sorted itself out. All logs now match the Forticloud records and are displayed correctly in the browser UI.
I'm glad it's working, even if the reasons are unknown!
Technical Writer, FortiOS
Let me know if there's anything you want to see added to the FortiGate Cookbook.
And interestingly enough I now have the same issue with our live firewall - no entries shown in the logs through the local (browser) UI but plenty of records in the Forticloud interface.
Seems that this is not a problem at our end - there have been no configuration changes to the live firewall in several days that could cause this.
[strike]Please go to Log&Report > Log Config > Log Settings and make sure Display Logs From is set to FortiCloud[/strike]
Just saw that you already done that... Nevermind
I've raised a ticket with support as I can't see how this can be a configuration issue.
Currently we've got two FG60Ds setup and in operation (1 protecting a test network and the other protecting our live LAN).
Both are configured for logging via FortiCloud (using the same FortiCloud account and the free subscription), and the live FG60D has been in operation without any system configuration changes since May.
Since Wednesday (shortly after the Test Firewall was brought up) either one / both have consistently shown no entries in any of their logs through the local UI whilst still showing data at the FortiCloud end. There seems to be no issue sending data to FortiCloud but an intermittent issue receiving it. The logs appear and disappear at the local end without any changes to configuration or status on either box. It makes continuing to configure the test network (and monitor live) an incredibly frustrating exercise as the Forticloud traffic logs view is not as fully featured.
Long story short: suspected bug.
Try this workaround in the meantime:
config system global
set gui-lines-per-page 20 //--the default is 50
end
Then go back and refresh the log view.
Regards, Chris McMullan Fortinet Ottawa
Christopher McMullan_FTNT wrote:Long story short: suspected bug.
Try this workaround in the meantime:
config system global
set gui-lines-per-page 20 //--the default is 50
end
Then go back and refresh the log view.
That worked a treat - thank you.
Support had me remove the backup firewall from the FortiCloud account and set it to store logs in memory - this still left me with no logs on this device.
However this morning I changed the lines per page as above on both devices. This resolved the problem immediately for the main firewall (still attached to FortiCloud) but not the backup firewall with the logging set to memory. On reconnecting the backup firewall to FortiCloud logs were immediately displayed.
I also tried values of 30 and 40 (for science!) but it seems that 20 is the magic number.
I'll feed this back under my ticket.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.