Hi Everyone,
This is Naveen and I just joined this forum. I see it is a very good forum with all useful discussions.
I have a problem with Log and Reports. We are using
FortiGate 200A with version 4.0 (MR2 Patch 2) and
FortiAnalyzer 1000B with version 4.0 (MR2 Patch 2).
In FortiGate, I have configured "Remote Logging & Archiving" with the FAZ IP address and minimum "debug" level.
I am able to see all event logs in FAZ, but unable to see traffic logs. I think, because of this issue, FAZ is unable to show the reports and it says "No matching log data for this report". I have configured Layout, Data Filter and Schedule in FAZ.
It would be appreciated if someone could help me address this issue.
Hello
Check each firewall policy for the "Log Allowed Traffic" box and mark it.
btw:
with those firmware versions you're out of TAC support; for better overall results consider upgrading your FGT200A to 4.3p18 and your FAZ to 4.3p8 (if you don't want to jump to SQL yet)
regards
/ Abel
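One way to run the per-policy check suggested above against a configuration backup instead of clicking through each policy, as an added example that is not part of the original thread. It assumes the FortiOS 4.x CLI form `set logtraffic enable` inside `config firewall policy`; the sample configuration is constructed.

```python
import re

# Constructed sample in FortiOS 4.x backup syntax (not taken from the thread).
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set action accept
        set logtraffic enable
    next
    edit 2
        set action accept
    next
    edit 3
        set action deny
    next
end
"""

def policies_without_traffic_log(config_text):
    """Return IDs of accept policies lacking 'set logtraffic enable' (assumed 4.x syntax)."""
    missing = []
    in_section = False
    depth = 0  # nesting level of sub-tables inside a policy; their lines are skipped
    policy_id, settings = None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == "config firewall policy"
            continue
        if line.startswith("config "):
            depth += 1
        elif line == "end":
            if depth == 0:
                in_section = False  # end of the firewall policy table
            else:
                depth -= 1
        elif depth == 0:
            m = re.match(r"edit (\d+)$", line)
            if m:
                policy_id, settings = int(m.group(1)), {}
            elif line.startswith("set "):
                parts = line.split(None, 2)
                if len(parts) == 3:
                    settings[parts[1]] = parts[2]
            elif line == "next" and policy_id is not None:
                # "Log Allowed Traffic" only applies to accept policies.
                if settings.get("action") == "accept" and settings.get("logtraffic") != "enable":
                    missing.append(policy_id)
                policy_id = None
    return missing
```

Any policy ID it returns passes traffic that will never reach the FortiAnalyzer traffic log, so reports covering that traffic stay empty.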
Hi Abel,
Thanks for your reply.
The "Log Allowed Traffic" box was checked on few firewall policies. Now, I have enabled it on all policies.
Now, I am able to see live traffic logs in FAZ, but still "no matching log data" in reports.
How to create a schedule to get a live traffic report?
One more thing, for both FG and FAZ devices TAC support and FortiGuard Services are expired.
So, does this lead to any issues, in terms of logs & reports?
I am also trying to block a few websites using the web filter, but it's not working.
Can you please suggest.
Hi,

navin.cool wrote:
> The "Log Allowed Traffic" box was checked on few firewall policies. Now, I have enabled it on all policies.
> Now, I am able to see live traffic logs in FAZ,

ok

> but still "no matching log data" in reports.

Maybe logs are not fully indexed yet. Wait some time or reindex logs.

> How to create a schedule to get a live traffic report?

'live traffic' means to me something similar to 'realtime', so I cannot see a 'schedule' for that.
In another sense, configuring your desired report and defining a schedule is straightforward.
Look for FAZ 4.x docs in the fortidocs site.

> One more thing, for both FG and FAZ devices TAC support and FortiGuard Services are expired.
> So, does this lead to any issues, in terms of logs & reports?

Not in those terms; you can run available reports in that firmware version.
However you couldn't upgrade firmware or get support from Fortinet.

> I am also trying to block a few websites using the web filter, but it's not working.

You couldn't use FortiGuard webfilter without the respective contract.
You could block websites using a static urlfilter list, but this is a topic for another forum, not for the FAZ one.

Hope it helps
regards
/ Abel
Hi Abel,
Now I am able to see traffic reports, as per the schedule.
But it shows only IP addresses in all reports, instead of hostnames/website names.
For example, I want to see top usage web site names under "Top Destination Volume". But it shows only IP addresses.
My FAZ is configured with external DNS server IPs. We don't have internal DNS servers.
Can you suggest, please.
FAZ uses the System->Network->DNS setting for DNS lookups (FortiGuard and reports).
Check those settings.
Check also your report layout. Each object should have "resolve host" selected to be sure.
I hope it helps
regards
/ Abel
Hi Abel,
Thank you for the suggestion.
I don't see any option like Lookup for Reports / Resolve hosts, under System--Network--DNS. There is only Primary DNS and Second DNS server IP address, which we have configured with external DNS server IPs.
But, I have enabled "Resolve Host" and "Resolve service" on all charts under Report Layout. Then, I am able to see services resolved in reports (http, https etc). Still, internal and external IP addresses are not resolved.
One more new question: In the reports, I see the traffic volume is visible in MB (megabytes). We have 15Mbps Internet bandwidth from the ISP. So, I want to get the reports to compare the bandwidth usage (in bps), instead of traffic volume (in MB).
Can you please suggest.