Hello. I'm very new to FortiNet products so please forgive me in advance. Under Security Events, on the summary page it says "No events" on everything, including AntiVirus. I have tested that the AntiVirus is working and logging events by going to eicar.org and trying to download their test files. If I click to view the AntiVirus logs, it does show those attempts were blocked. Why would it still show as "No events" in the summary? I tried changing to monitor instead of block, it lets the malware through and logs it, but that still does not show as a security event either.
The same thing goes for intrusion prevention. I see logs where connections were dropped to our webserver from the intrusion provention protocols, but they do not show as an event either in the summary.
Any and all help would be greatly appreciated. Thank you.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello. So my issue seems to have been with the GLOBAL region website for FortiGate Cloud. I am not sure if they are having website issues. From Security Fabirc->Fabric Connectors->Logging & Analytics->Logging Settings->Cloud Logging I disconnected my account and then logged back in. When I did, I saw it had a domain option. I left it as Global since that is what it defaulted to and what the cloud website was using previously. It still didn't work. So I disconnected it again and this time chose US and now everything works exactly how it should. That website looks and controls differently than the GLOBAL website. But anyway, now everything is working exactly like I had expected. I am seeing the summary and it's showing plenty of events now. Hope this helps anyone that has this problem in the future.
Hello @landonious
Could you please check that if "Historical FortiView" is enabled under Log settings ?
"Disk logging and historical FortiView must be enabled for the Summary tab to display valid data."
What are the results, if you run diagnose commands listed in the document below ?
regards,
Sheikh
I do not have any option that I can find anywhere that says "Historical FortiView" in Log Settings. I have a FortiGate 60F running 7.4.1 if that matters. It is using FortiGate Cloud (and I have the premium subscription). The diagnose command give me the following error, maybe I'm doing it wrong:
router # diagnose fortiview result event-log
command parse error before 'fortiview'
Command fail. Return code -61
The thing is, I see all the logs generated just fine, but they do not show as an event in the summary page.
Hi @landonious ,
In addition to @Sheikh please check also if logging is enabled in memory:
Memory is the only option I have for local logs.
On what firmware version is the Fortigate running?
v7.4.1 build2463 (Feature)
This looks like a cosmetic issue but i could not find anything to confirm it.
Also, just FYI, when I login to fortigate cloud premium, it is taking a very long time to login and then it pops up a red notice at the top right saying "unable to fetch reports" and "unable to fetch logs"
Please have a look here as it may help you verify your configuration :
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1714 | |
1093 | |
752 | |
447 | |
232 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.