Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
richmyrobertsoncom
New Contributor

"FAZ error: No privilege" FortiClient errors uploading log files to FortiAnalyzer Cloud

Hello expertsI I have configured FortiClient EMS to apply an endpoint profile system setting to send FortiClient logs to FortiAnalyzer, but no logs are being sent. I confirmed the settings iFortiClient EMS are correct. Below are the relevant local log lines from the fazlogupload.log file from FortiClient.

 

20241112 07:32:48.841 TZ=-0800 [fazlogupload:INFO] log_upload:183 Uploading traffic logs
20241112 07:32:48.841 TZ=-0800 [fazlogupload:INFO] faz_comm:37 Connecting to {redacted}.ca-west-1.fortianalyzer.forticloud.com:514 (TLS: true)
20241112 07:32:49.008 TZ=-0800 [fazlogupload:DEBG] faz_comm:92 EMS serial:{redacted}
20241112 07:32:49.009 TZ=-0800 [fazlogupload:DEBG] faz_comm:93 EMS site: default
20241112 07:32:49.009 TZ=-0800 [fazlogupload:DEBG] faz_comm:94 FCT serial:{redacted}
20241112 07:32:49.010 TZ=-0800 [fazlogupload:DEBG] faz_comm:95 FCT UID: {redacted}
20241112 07:32:49.010 TZ=-0800 [fazlogupload:DEBG] faz_comm:96 Log type: traffic
20241112 07:32:49.010 TZ=-0800 [fazlogupload:DEBG] faz_comm:97 Timezone: -28800
20241112 07:32:49.010 TZ=-0800 [fazlogupload:DEBG] faz_comm:98 Username: rich
20241112 07:32:49.087 TZ=-0800 [fazlogupload:EROR] faz_comm:180 FAZ error: No privilege
20241112 07:32:49.088 TZ=-0800 [fazlogupload:EROR] faz_comm:101 Failed to send log upload request: no privilege
20241112 07:32:49.089 TZ=-0800 [fazlogupload:EROR] log_upload:208 Failed to process logs: upload failed
20241112 07:32:49.089 TZ=-0800 [fazlogupload:EROR] log_upload:101 Upload error: upload failed
20241112 07:32:49.090 TZ=-0800 [fazlogupload:DEBG] log_upload:75 Next log upload attempt in 60 seconds

 

The versions of FortiNet products being used are: 

  • FCT (7.2.5.0916)
  • EMS (7.2.5 build 1061)
  • FAZ (v7.4.5 build5874)

 

4 REPLIES 4
Jean-Philippe_P
Moderator
Moderator

Hello richmyrobertsoncom, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator
Moderator

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator
Moderator

Hello,

 

@vraev@iyotov@heng Anyone of you can help @richmyrobertsoncom please?

 

Thanks in advance!

Jean-Philippe - Fortinet Community Team
iyotov
Staff
Staff

Hi,

 

FortiAnalyzer Cloud requires an additional license to allow logging from FortiClient. Please refer to

https://docs.fortinet.com/document/fortianalyzer-cloud/7.4.5/cloud-deployment/492871

https://docs.fortinet.com/document/fortianalyzer-cloud/7.4.5/cloud-deployment/216561

"Logs from non-FortiGate devices, such as FortiClient and FortiMail require additional licensing. See Licensing for more information."

 

With the licensing in check and updated on the FortiAnalyzer Cloud instance, you would need to manually Add Device in the FortiAnalyzer Cloud > Device Manager using the EMS serial number. It will not show up as "unauthorized" device.

 

Once all this is done, If the remote logging config was pushed correctly to the FortiClients, you should start seeing their logs in FortiAnalyzer Cloud. Bear in mind that this may take some time depending on the upload settings of the clients and the utilization of your FortiAnalyzer Cloud instance.

 

Should you have further issues, please create a Technical Support ticket.

.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors