Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
x_member
Contributor

Logged data shown in FortiCloud, not shown in GUI

On a freshly configured FG60D using the free FortiCloud subscription limit of 1GB and running 5.2.3 all my Traffic,  Event and System Logs show as empty. Logging is configured to use FortiCloud and the FortiCloud website shows up to date log entries for this firewall as expected, but they cannot be viewed from the local Fortigate UI itself (regardless of browser used). The system resources readout through FortiCloud is non functional, reading a static 0% CPU and 58% RAM.

 

This is the second Fortigate unit on the account that I'm setting up for our test network. The primary unit's logging is configured in the same manner and works correctly in both the local UI and Forticloud.

 

Any ideas on how to resolve this issue?

1 Solution
Christopher_McMullan

Long story short: suspected bug.

 

Try this workaround in the meantime:

config system global

set gui-lines-per-page 20 //--the default is 50

end

 

Then go back and refresh the log view.

Regards, Chris McMullan Fortinet Ottawa

View solution in original post

17 REPLIES 17
vmartin_FTNT
Staff
Staff

Have you configured you Log Settings (found at Log & Report > Log Config > Log Settings) to display logs from FortiCloud in the GUI?

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

x_member

Thanks for responding.

vmartin wrote:

Have you configured you Log Settings (found at Log & Report > Log Config > Log Settings) to display logs from FortiCloud in the GUI?

Yes I have done this - each log section shows as "log location: Forticloud" with [Total -1] pages.

 

*EDIT*

Also worth noting that the Logging Volume Monitor shows 459 traffic log records recorded to Forticloud (default) for today so far.

x_member

After leaving the configuration untouched overnight it seems to have sorted itself out. All logs now match the Forticloud records and are displayed correctly in the browser UI.

 

vmartin_FTNT
Staff
Staff

I'm glad it's working, even if the reasons are unknown!

Technical Writer, FortiOS

Let me know if there's anything you want to see added to the FortiGate Cookbook.

x_member
Contributor

And interestingly enough I now have the same issue with our live firewall - no entries shown in the logs through the local (browser) UI but plenty of records in the Forticloud interface.

 

Seems that this is not a problem at our end - there have been no configuration changes to the live firewall in several days that could cause this.

gschmitt
Valued Contributor

[strike]Please go to Log&Report > Log Config > Log Settings and make sure Display Logs From is set to FortiCloud[/strike]

Just saw that you already done that... Nevermind 

x_member
Contributor

I've raised a ticket with support as I can't see how this can be a configuration issue.

 

Currently we've got two FG60Ds setup and in operation (1 protecting a test network and the other protecting our live LAN).

Both are configured for logging via FortiCloud (using the same FortiCloud account and the free subscription), and the live FG60D has been in operation without any system configuration changes since May.

 

Since Wednesday (shortly after the Test Firewall was brought up) either one / both have consistently shown no entries in any of their logs through the local UI whilst still showing data at the FortiCloud end. There seems to be no issue sending data to FortiCloud but an intermittent issue receiving it. The logs appear and disappear at the local end without any changes to configuration or status on either box. It makes continuing to configure the test network (and monitor live) an incredibly frustrating exercise as the Forticloud traffic logs view is not as fully featured.

Christopher_McMullan

Long story short: suspected bug.

 

Try this workaround in the meantime:

config system global

set gui-lines-per-page 20 //--the default is 50

end

 

Then go back and refresh the log view.

Regards, Chris McMullan Fortinet Ottawa

x_member

Christopher McMullan_FTNT wrote:

Long story short: suspected bug.

 

Try this workaround in the meantime:

config system global

set gui-lines-per-page 20 //--the default is 50

end

 

Then go back and refresh the log view.

That worked a treat - thank you.

 

Support had me remove the backup firewall from the FortiCloud account and set it to store logs in memory - this still left me with no logs on this device.

 

However this morning I changed the lines per page as above on both devices. This resolved the problem immediately for the main firewall (still attached to FortiCloud) but not the backup firewall with the logging set to memory. On reconnecting the backup firewall to FortiCloud logs were immediately displayed. 

 

I also tried values of 30 and 40 (for science!) but it seems that 20 is the magic number.

 

I'll feed this back under my ticket.

Labels
Top Kudoed Authors