I inherited a Fortigate 800C and FortiAnalyzer 100B - and I am pretty sure the Analyzer is not working right.
On the Fortigate, the "Send Logs to FortiAnalyzer" is checked, the IP Address is right, test connectivity shows all is ok. "Enable all" is checked for event logging.
On the Analyzer, under Devices it shows the Fortigate Unit, has check marks for all permissions and shows "Data was received on 2015-01-12" and 8gb of logs are in use. In the summary list of devices, the "logs" column shows a green light.
On the Analyzer, when I go into "Log and Archive" and select "Traffic Log" I see screens of traffic events.
But I don't seem to get anything. When I go to reports-Bandwidth and App Usage: "Top Users by Sessions" and "Top applications by sessions" have bar charts, but all the rest just say "No Data".
In "Web Usage", "Threats", "Predefined Reports" etc., all of the charts just say "No Data".
It is running 4.0 MR3 patch 8 (which is the last version for the 100B).
Does this sound familiar to anyone? Any help would be appreciated.
Mark
In logview, traffic tab, do you have the username shown on your data?
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Yes, and users also authenticate on the Fortigate device. It only happens when we try to generate a specific user-based report.
User | Count |
---|---|
2674 | |
1410 | |
810 | |
702 | |
455 | |