I also using 7.4 FAZ, it work until now. You need to check at the first
step that FAZ generate the log with "Did not receive any log from device
XXX in past X minutes"
What do you mean by not generating event correctly? It match your
situation when FG loses connection to FAZ via VPN connection, it also
avoids false alert if tunnel up/down continuously.
In that case, you can configure the FAZ alert if not recieve log from FG
after x
minutes.https://community.fortinet.com/t5/FortiAnalyzer/Technical-Tip-Creating-alerts-when-FortiAnalyzer-stops-receiving/ta-p/195250
