Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
landonious
New Contributor III

Security Events and AntiVirus

Hello. I'm very new to FortiNet products so please forgive me in advance. Under Security Events, on the summary page it says "No events" on everything, including AntiVirus. I have tested that the AntiVirus is working and logging events by going to eicar.org and trying to download their test files. If I click to view the AntiVirus logs, it does show those attempts were blocked. Why would it still show as "No events" in the summary? I tried changing to monitor instead of block, it lets the malware through and logs it, but that still does not show as a security event either.

 

The same thing goes for intrusion prevention. I see logs where connections were dropped to our webserver from the intrusion provention protocols, but they do not show as an event either in the summary.

 

Any and all help would be greatly appreciated. Thank you.

1 Solution
landonious
New Contributor III

Hello. So my issue seems to have been with the GLOBAL region website for FortiGate Cloud. I am not sure if they are having website issues. From Security Fabirc->Fabric Connectors->Logging & Analytics->Logging Settings->Cloud Logging I disconnected my account and then logged back in. When I did, I saw it had a domain option. I left it as Global since that is what it defaulted to and what the cloud website was using previously. It still didn't work. So I disconnected it again and this time chose US and now everything works exactly how it should. That website looks and controls differently than the GLOBAL website. But anyway, now everything is working exactly like I had expected. I am seeing the summary and it's showing plenty of events now. Hope this helps anyone that has this problem in the future.

View solution in original post

14 REPLIES 14
Sheikh
Staff
Staff

Hello @landonious 

 

Could you please check that if "Historical FortiView" is enabled under Log settings ?
"Disk logging and historical FortiView must be enabled for the Summary tab to display valid data."

 

What are the results, if you run diagnose commands listed in the document below ?

https://docs.fortinet.com/document/fortigate/7.2.0/new-features/931430/updated-system-events-log-pag...

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
landonious
New Contributor III

I do not have any option that I can find anywhere that says "Historical FortiView" in Log Settings. I have a FortiGate 60F running 7.4.1 if that matters. It is using FortiGate Cloud (and I have the premium subscription). The diagnose command give me the following error, maybe I'm doing it wrong:

 

router # diagnose fortiview result event-log

command parse error before 'fortiview'
Command fail. Return code -61

 

The thing is, I see all the logs generated just fine, but they do not show as an event in the summary page.

dbu
Staff
Staff

Hi @landonious ,

 

In addition to @Sheikh  please check also if logging is enabled in memory:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-filter-logs-are-not-visible-and-gettin...

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
landonious
New Contributor III

Memory is the only option I have for local logs.

dbu

On what firmware version is the Fortigate running?

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
landonious
New Contributor III

v7.4.1 build2463 (Feature)

dbu

This looks like a cosmetic issue but i could not find anything to confirm it. 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
landonious
New Contributor III

Also, just FYI, when I login to fortigate cloud premium, it is taking a very long time to login and then it pops up a red notice at the top right saying "unable to fetch reports" and "unable to fetch logs"

dbu

Please have a look here as it may help you verify  your configuration :

https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/189021/logging-traffic-with-fortigate-cl...

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors