Security Events and AntiVirus
Hello. I'm very new to Fortinet products so please forgive me in advance. Under Security Events, on the summary page it says "No events" on everything, including AntiVirus. I have tested that the AntiVirus is working and logging events by going to eicar.org and trying to download their test files. If I click to view the AntiVirus logs, it does show those attempts were blocked. Why would it still show as "No events" in the summary? I tried changing to monitor instead of block, it lets the malware through and logs it, but that still does not show as a security event either.
The same thing goes for intrusion prevention. I see logs where connections were dropped to our webserver from the intrusion prevention protocols, but they do not show as an event either in the summary.
Any and all help would be greatly appreciated. Thank you.
Hello. So my issue seems to have been with the GLOBAL region website for FortiGate Cloud. I am not sure if they are having website issues. From Security Fabric->Fabric Connectors->Logging & Analytics->Logging Settings->Cloud Logging I disconnected my account and then logged back in. When I did, I saw it had a domain option. I left it as Global since that is what it defaulted to and what the cloud website was using previously. It still didn't work. So I disconnected it again and this time chose US and now everything works exactly how it should. That website looks and controls differently than the GLOBAL website. But anyway, now everything is working exactly like I had expected. I am seeing the summary and it's showing plenty of events now. Hope this helps anyone that has this problem in the future.
Created on ‎10-17-2023 08:45 AM Edited on ‎10-17-2023 08:49 AM
I don't have these options. Is it because I am on 7.4.1?
EDIT: To clarify, it is active but in the widget it says:
Status: Activated
Log Retention: Licensed
Storage Used: 0 B
Sandbox: Licensed
Yes that was just a guide based on old version just to try and compare.
If you have found a solution, please like and accept it to make it easily accessible for others.
But I say again: I do not have any of these options.
I was looking at my Security logs in the event viewer, and I have thousands of events, like user account management almost nonstop, like seconds apart of events. The ids I'm seeing are 5382, 5379 and 4798, over and over. With logon and special logon. There are other events but most of the events are those three IDs.