Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MOHAMMAD_ALAVI
New Contributor II

THE LOGS NOT RECEIVED

Dear guys, i' ve installed a FAL VM (with trial license) in order to evaluate it . i' ve set my FG to connect to FAL and it' s done successfully. and in FAL devices i can see the FG . but when i try to send the logs to FAL, i encounter with the message THE LOGS NOT RECEIVED . someone help me
UTM can not guarantee your data security . The security is a system, it's a collection of rules not only an appliance ...
UTM can not guarantee your data security . The security is a system, it's a collection of rules not only an appliance ...
13 REPLIES 13
CorneJvV
New Contributor

Are you have any VDOM' s enabled ? If yes, make sure about Static Routes and VDOM Links. I had the same issue a while ago, but I can' t remember how I solved it. It was something basic that I overlooked (all I can remember).
FCNSA FortiGate 60C, 110C, 200B, 310B FortiAnalyzer 100C FortiMail 100 FortiManager 100
FCNSA FortiGate 60C, 110C, 200B, 310B FortiAnalyzer 100C FortiMail 100 FortiManager 100
Dave_Hall
Honored Contributor

Make sure the fgt device privileges are set correctly in the FA.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
MOHAMMAD_ALAVI

The VDOM feature is disabled in FG ... And about the privileges, all of them has selected ...
UTM can not guarantee your data security . The security is a system, it's a collection of rules not only an appliance ...
UTM can not guarantee your data security . The security is a system, it's a collection of rules not only an appliance ...
Dave_Hall
Honored Contributor

Go into the event log (on the fgt) and confirm there are events showing. If not, you may need to reformat the logging device. Next, in the Log&Report->Log Setting->Upload logs remotely->FortiAnalyzer->click the Test Connectivity button -- tell us what the Connection Summary says.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
MOHAMMAD_ALAVI

Dear guys, i' m a FCNSA and FCNSP certified ... so i' ve done every advanced diagnosis you might think of . so just advise me some advanced tshoot ... i know the basic of joining a FortiAnalyzer with a FG
UTM can not guarantee your data security . The security is a system, it's a collection of rules not only an appliance ...
UTM can not guarantee your data security . The security is a system, it's a collection of rules not only an appliance ...
CorneJvV
New Contributor

I had the same issues about five months ago with a new appliance in our environment. I can' t remember what the solution was, but I do remember looking at it and thinking to myself, what a basic thing that was overlooked.
FCNSA FortiGate 60C, 110C, 200B, 310B FortiAnalyzer 100C FortiMail 100 FortiManager 100
FCNSA FortiGate 60C, 110C, 200B, 310B FortiAnalyzer 100C FortiMail 100 FortiManager 100
MOHAMMAD_ALAVI

Well i' m sure that i' ve done every basic step and also i' ve checked the Test connectivity on the FG and all the fields was ok except the LOGS status which showed " LOGS NOT RECEIVED " . so i thought that maybe something blocking the traffic . as you know the FG and FAL uses Syslog protocol and port 514 in order to sending and receiving logs . i' ve checked the session on FAL and realized that FG has initiated a session to FAL with mentioned port ... even i ' ve captured the traffic on FG and analyzed it with WIRESHARK and it seemed that the FG sending the correct traffic and i' ve found it checking the HEX section of traffic . that is all i' ve done .
UTM can not guarantee your data security . The security is a system, it's a collection of rules not only an appliance ...
UTM can not guarantee your data security . The security is a system, it's a collection of rules not only an appliance ...
Fullmoon

Do this under fortigate device. FWFXXX# config log fortianalyzer setting FWF6XXX(setting) # set upload-option realtime FWFXXX (setting) # end good luck :)

Fortigate Newbie

Fortigate Newbie
MOHAMMAD_ALAVI

As i said , it' s already set on realtime . i have tried both mode and the issue is exist as before
UTM can not guarantee your data security . The security is a system, it's a collection of rules not only an appliance ...
UTM can not guarantee your data security . The security is a system, it's a collection of rules not only an appliance ...
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors