Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dzequimassai
New Contributor

Created on ‎04-18-2024 03:22 PM Edited on ‎04-18-2024 03:26 PM

Forward traffic from Fortigate not showing on FortiAnalyzer

I have a FortiAnalyzer collecting logs from my entire network. However, I'm encountering an issue with three FortiGate devices that show an active connection and are sending logs to the FAZ. When I attempt to view the Forward Traffic logs on the FortiGate (selecting FAZ as the source) or directly on the FAZ itself, I receive a "No records found" message. Interestingly, when I switch to viewing System events, all logs are visible, leading me to believe that it's not a connection problem but rather a specific issue with Forward Traffic logs not being displayed. 

 

FGT are on 7.2.7

FAZ are on 7.4.1


Captura de tela 2024-04-18 192502.pngSystem EventsSystem EventsFoward TrafficFoward TrafficCaptura de tela 2024-04-18 191948.png

Labels:
443
0 Kudos
9 REPLIES 9
msolanki
Staff
Staff

Created on ‎04-19-2024 12:51 AM

Hi Please check if same logs  showing in fortigate disk/memory ? 

 

try to change below setting on fortigate and test.

config log fortianalyzer settings
set reliable enable
end

 

Check KB

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enable-Security-Event-logging-on-policy-wi...

 

Thanks

Madhav

 

 

398
0 Kudos
dzequimassai
New Contributor
In response to msolanki

Created on ‎04-22-2024 07:44 AM

Hi msolanki,

 

Changed to reliable but still not working, and yes I can see the logs on disk/memory.

 

On the FAZ size, when I try to check the logs on FortiView > Traffic nothing show up, but on the Log View > Traffic I can see the log files on the FAZ, apparently the FAZ is not able to performing the "get" operation to display the logs.

270
0 Kudos
vraev
Staff
Staff

Created on ‎04-19-2024 03:22 AM

Hi@dzequimassai,
Please review the following article:

https://community.fortinet.com/t5/FortiManager/Troubleshooting-Tip-How-to-troubleshoot-connectivity-...

 

Also select only one device and change to realtime and at the same time correlate under the FGT what is Log & Report > Local/Forward traffic.

Best,

V.R.
378
0 Kudos
dzequimassai
New Contributor
In response to vraev

Created on ‎04-22-2024 07:50 AM

Hi Vraev,

 

The conectivity between the FGTs and the FAZ is alright, I followed the article and still not working. 

 

When I changed the ADOM on the FAZ, changing the type of Security to Fortigate, resolved the problem for one hour, then stop working again 

268
0 Kudos
gimengo
New Contributor

Created on ‎04-20-2024 03:38 AM Edited on ‎04-23-2024 11:36 AM

in the fortianalyzer: logs>events> I find various information such as: system events, user events, vpn events, security rating, HA events among others but with respect to "routers events" I cannot locate it. in the fortigate if this information is found in the logs https://vidmate.bid/ .

351
0 Kudos
mpeddalla
Staff
Staff

Created on ‎04-20-2024 05:10 AM

Hello  @dzequimassai ,

 

Thank you for contacting the Fortinet Forum portal.

Can you please if the device is on HA ? there is a known issue on 7.2.7 to view logs for fortianalyzer ID : 932537

https://docs.fortinet.com/document/fortigate/7.2.7/fortios-release-notes/236526/known-issues

-Also verify if the same forward logs can be seen in fortianalyzer if yes please check the below article :

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-does-not-display-logs-from-Forti...

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-Logs-are-not-displayed-in/...

 

 

Best regards,

Manasa.

 

If you feel the above steps helped resolve the issue, mark the reply as solved so that other customers can get it easily while searching for similar scenarios.

344
0 Kudos
dzequimassai
New Contributor
In response to mpeddalla

Created on ‎04-22-2024 07:57 AM

Hi mpeddalla,

 

The three FGTs are on 7.2.6, and the logs are set to real time, I followed the article, but no matter what time period I select, still nothing show up.


The only time when worked was when I changed the ADOM on the FAZ, changing the type of Security to Fortigate, resolved the problem for one hour, then stop working again

266
0 Kudos
Yurisk
SuperUser
SuperUser

Created on ‎04-21-2024 06:34 AM

Additionally to all the said above - check that Fortigates do not have log sending filters configured. 

show log fortianalyzer filter

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
303
0 Kudos
dzequimassai
New Contributor
In response to Yurisk

Created on ‎04-22-2024 07:59 AM

Hi Yurisk,

 

The command return nothing, what leaves to believe that we have no filters, thus sending everything.

264
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.