- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Security Events and AntiVirus
Hello. I'm very new to FortiNet products so please forgive me in advance. Under Security Events, on the summary page it says "No events" on everything, including AntiVirus. I have tested that the AntiVirus is working and logging events by going to eicar.org and trying to download their test files. If I click to view the AntiVirus logs, it does show those attempts were blocked. Why would it still show as "No events" in the summary? I tried changing to monitor instead of block, it lets the malware through and logs it, but that still does not show as a security event either.
The same thing goes for intrusion prevention. I see logs where connections were dropped to our webserver from the intrusion provention protocols, but they do not show as an event either in the summary.
Any and all help would be greatly appreciated. Thank you.
Solved! Go to Solution.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello. So my issue seems to have been with the GLOBAL region website for FortiGate Cloud. I am not sure if they are having website issues. From Security Fabirc->Fabric Connectors->Logging & Analytics->Logging Settings->Cloud Logging I disconnected my account and then logged back in. When I did, I saw it had a domain option. I left it as Global since that is what it defaulted to and what the cloud website was using previously. It still didn't work. So I disconnected it again and this time chose US and now everything works exactly how it should. That website looks and controls differently than the GLOBAL website. But anyway, now everything is working exactly like I had expected. I am seeing the summary and it's showing plenty of events now. Hope this helps anyone that has this problem in the future.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @landonious
Could you please check that if "Historical FortiView" is enabled under Log settings ?
"Disk logging and historical FortiView must be enabled for the Summary tab to display valid data."
What are the results, if you run diagnose commands listed in the document below ?
regards,
Sheikh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I do not have any option that I can find anywhere that says "Historical FortiView" in Log Settings. I have a FortiGate 60F running 7.4.1 if that matters. It is using FortiGate Cloud (and I have the premium subscription). The diagnose command give me the following error, maybe I'm doing it wrong:
router # diagnose fortiview result event-log
command parse error before 'fortiview'
Command fail. Return code -61
The thing is, I see all the logs generated just fine, but they do not show as an event in the summary page.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @landonious ,
In addition to @Sheikh please check also if logging is enabled in memory:
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Memory is the only option I have for local logs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On what firmware version is the Fortigate running?
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
v7.4.1 build2463 (Feature)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This looks like a cosmetic issue but i could not find anything to confirm it.
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also, just FYI, when I login to fortigate cloud premium, it is taking a very long time to login and then it pops up a red notice at the top right saying "unable to fetch reports" and "unable to fetch logs"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please have a look here as it may help you verify your configuration :
If you have found a solution, please like and accept it to make it easily accessible for others.
