Security Events and AntiVirus

landonious · ‎10-16-2023

Hello. I'm very new to FortiNet products so please forgive me in advance. Under Security Events, on the summary page it says "No events" on everything, including AntiVirus. I have tested that the AntiVirus is working and logging events by going to eicar.org and trying to download their test files. If I click to view the AntiVirus logs, it does show those attempts were blocked. Why would it still show as "No events" in the summary? I tried changing to monitor instead of block, it lets the malware through and logs it, but that still does not show as a security event either.

The same thing goes for intrusion prevention. I see logs where connections were dropped to our webserver from the intrusion provention protocols, but they do not show as an event either in the summary.

Any and all help would be greatly appreciated. Thank you.

landonious · ‎10-17-2023

Hello. So my issue seems to have been with the GLOBAL region website for FortiGate Cloud. I am not sure if they are having website issues. From Security Fabirc->Fabric Connectors->Logging & Analytics->Logging Settings->Cloud Logging I disconnected my account and then logged back in. When I did, I saw it had a domain option. I left it as Global since that is what it defaulted to and what the cloud website was using previously. It still didn't work. So I disconnected it again and this time chose US and now everything works exactly how it should. That website looks and controls differently than the GLOBAL website. But anyway, now everything is working exactly like I had expected. I am seeing the summary and it's showing plenty of events now. Hope this helps anyone that has this problem in the future.

View solution in original post

Sheikh · ‎10-17-2023

Hello @landonious

Could you please check that if "Historical FortiView" is enabled under Log settings ?
"Disk logging and historical FortiView must be enabled for the Summary tab to display valid data."

What are the results, if you run diagnose commands listed in the document below ?

https://docs.fortinet.com/document/fortigate/7.2.0/new-features/931430/updated-system-events-log-pag...

regards,

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**

landonious · ‎10-17-2023

I do not have any option that I can find anywhere that says "Historical FortiView" in Log Settings. I have a FortiGate 60F running 7.4.1 if that matters. It is using FortiGate Cloud (and I have the premium subscription). The diagnose command give me the following error, maybe I'm doing it wrong:

router # diagnose fortiview result event-log

command parse error before 'fortiview'
Command fail. Return code -61

The thing is, I see all the logs generated just fine, but they do not show as an event in the summary page.

dbu · ‎10-17-2023

Hi @landonious ,

In addition to @Sheikh please check also if logging is enabled in memory:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-filter-logs-are-not-visible-and-gettin...

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

landonious · ‎10-17-2023

Memory is the only option I have for local logs.

dbu · ‎10-17-2023

On what firmware version is the Fortigate running?

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

landonious · ‎10-17-2023

v7.4.1 build2463 (Feature)

dbu · ‎10-17-2023

This looks like a cosmetic issue but i could not find anything to confirm it.

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

landonious · ‎10-17-2023

Also, just FYI, when I login to fortigate cloud premium, it is taking a very long time to login and then it pops up a red notice at the top right saying "unable to fetch reports" and "unable to fetch logs"

dbu · ‎10-17-2023

Please have a look here as it may help you verify your configuration :

https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/189021/logging-traffic-with-fortigate-cl...

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

Security Events and AntiVirus

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website