No entries found in all log
Hi all,
Why don't I see the log even if checked?
Thank you in advance
ab
Hi,
I am not sure that the FG-200B has a log disk or only some flash.
Check the CLI settings:
    config log disk setting
        set status enable
        set storage <disk, memory, FLASH>
--- usually these are the options !!! Changing the storage may require a reboot of the device !!!
or
    config log memory setting
        set status enable
The most important thing is to check where the logs are stored and set the GUI settings to read these logs:
    config log setting
        set gui-location <memory, disk, fortianalyzer...>
If I were you I would try this:
    config log setting
        get
--- check the gui-location, whether it is memory, disk etc...
then
    config log disk setting
        get
    config log memory setting
        get
--- check the "status" enable/disable at these two options. If you have it enabled somewhere, then set the gui-location to that.
Optionally you can set it to log to disk, flash etc. with the commands above. Be aware of the possibility that the FortiGate will need to be restarted. It will warn you and ask you whether to continue and reboot or discard the settings and not reboot.
AtiT
Also the screenshot you sent is for the event log. The logging that you enabled in the policy won't show up in the event log, but in the 'Traffic' log.
Are you using VDOMs? If yes, then try:
"config global" and then the commands
or for a specific VDOM:
    config vdom
        edit <vdom name>
AtiT
Traffic log you can enable on the firewall policy directly.
As the logging enabled on the policy is the basic setting on the firewall, I recommend that you read http://docs.fortinet.com/uploaded/files/1084/fortigate-loggingreporting-50.pdf
The documents on http://docs.fortinet.com are also recommended reading.
AtiT
Hi AtiT,
thank you in advance, I checked the configuration and I think the problem is the storage not allocated (and less space for this work).
I tried logging to a syslog server without success. Is there a log where I can read syslog errors?
Attached is my config for syslog on the Fortinet and the server.
Thank you very much for the help.
(for your question about VDOMs: yes, there are 3 VDOMs configured ...)
ab
I forgot ...
Port 15000 on server is open ...
ab
Hi,
The not allocated space on the storage could be a problem but I am not sure. I think the space will be used until the flash is full, and then the logs will be deleted and rewritten with new logs.
Check the 'get sys status' command and look at the row Log Disk Status:
Probably the flash needs to be formatted - it will probably reboot the FGT!
I downloaded Splunk and set up syslog on it and it is working. Try to disable CSV - probably it is not supported on Splunk (I did not check that).
Also you can try to capture packets on port 15000 like:
    diagnose sniffer packet any 'port 15000' 4
Check whether some syslog messages are sent to this port.
AtiT
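A server-side counterpart to the sniffer check in the post above, as an added example that is not part of the thread: it parses syslog datagrams and counts them per VDOM and log type, so it is visible whether traffic logs (not only event logs) are reaching port 15000. It assumes UDP transport and the non-CSV key=value payload; the function names and the sample datagrams are constructed for illustration.

```python
import re
import socket
from collections import Counter

# Assumed payload format: space-separated key=value pairs (CSV disabled);
# values may be double-quoted when they contain spaces.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S*)')
PRI_RE = re.compile(r'^<(\d{1,3})>')

def parse_fortigate_syslog(datagram: bytes) -> dict:
    """Parse one syslog datagram into a dict; '_pri' holds the syslog priority."""
    text = datagram.decode("utf-8", errors="replace").strip()
    fields = {}
    m = PRI_RE.match(text)
    if m:
        fields["_pri"] = int(m.group(1))
        text = text[m.end():]
    for key, raw, quoted in FIELD_RE.findall(text):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields

def summarize(datagrams) -> Counter:
    """Count messages per (vd, type) so missing traffic logs stand out."""
    counts = Counter()
    for d in datagrams:
        f = parse_fortigate_syslog(d)
        counts[(f.get("vd", "?"), f.get("type", "unparsed"))] += 1
    return counts

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    b'<189>date=2013-06-01 time=10:00:01 devname=FGT-LAB logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=192.0.2.10 dstip=198.51.100.5 action=accept',
    b'<190>date=2013-06-01 time=10:00:02 devname=FGT-LAB logid=0100032001 type=event subtype=system level=information vd=root msg="Administrator admin logged in"',
    b'<189>date=2013-06-01 time=10:00:03 devname=FGT-LAB logid=0000000013 type=traffic subtype=forward level=notice vd=vdom2 srcip=192.0.2.11 dstip=198.51.100.6 action=deny',
]

def listen(port: int = 15000, limit: int = 20) -> Counter:
    """Receive up to `limit` UDP datagrams on `port` and summarize them."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        return summarize(s.recvfrom(8192)[0] for _ in range(limit))

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLES).items()):
        print(key, n)
```

To run `listen()` on the syslog server, the existing receiver on port 15000 has to be stopped first, since only one process can bind the port.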