- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- No Traffic logs visible and No matching log data i...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No Traffic logs visible and No matching log data in FortiAnalyzer 1000B
Hi Everyone,
This is Naveen and I just joined this forum. I see It is very good forum with all useful discussions.
I have a problem with Log and Reports. We are using
Fortigate 200A with version 4.0 (MR2 Patch 2) and
Fortianalyzer 1000B with version 4.0 (MR2 patch 2).
In FortiGate, I have configured "Remote Logging & Archiving" with FAZ Ip address with minimum "debug" level.
I am able to see all event logs in FAZ, but unable to see Trffic logs. I think, because of this issue, FAZ is unable to show the reports and it says "No matching log data for this report". I have configured Layout, Data Filter and Schedule in FAZ.
It will be appreciable, if someone can help me to address this issue.
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
navin.cool wrote:There was "Log Allowed Traffic" box checked on few Firewall Policy's. Now, I have enabled on all policy's.
Now, I am able to see live Traffic logs in FAZ,
ok
but still "no matching log data" in reports.
Maybe logs are not full indexed yet. Wait some time or reindex logs.
How to create a schedule to get live traffic report ?
'live traffic' means to me similar 'realtime', so i cannot see a 'schedule' for that
In another sense, configure your desired report and define a schedule is straightforward.
Look for FAZ 4.x docs in fortidocs site.
One more thing, for both FG and FAZ devices TAC support and FortiGuard Services are expired.
So, is this lead to any issues, in terms of logs & Reports ?
Not in those terms; you can run available reports in that firmware version.
However you couldn't upgrade firmware or get support from Fortinet
I am also trying to block few website using web filer, but its no working.
You couldn't use fortiguard webfilter without respective contract.
You could block websites using static urlfilter list, but this is a topic for another forum, not for FAZ one.
Hope it helps
regards
regards
/ Abel
regards
/ Abel
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
check each firewall policy for "Log Allowed Traffic" box and mark it.
btw:
with those firmware versions you're out of TAC support; for better overall results consider upgrade to 4.3p18 your FGT200A and your FAZ to 4.3p8 (if you don't want to jump to SQL yet)
regards
regards
/ Abel
regards
/ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Abel,
Thanks for your reply.
There was "Log Allowed Traffic" box checked on few Firewall Policy's. Now, I have enabled on all policy's.
Now, I am able to see live Traffic logs in FAZ, but still "no matching log data" in reports.
How to create a schedule to get live traffic report ?
One more thing, for both FG and FAZ devices TAC support and FortiGuard Services are expired.
So, is this lead to any issues, in terms of logs & Reports ?
I am also trying to block few website using web filer, but its no working.
Can you please suggest.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
navin.cool wrote:There was "Log Allowed Traffic" box checked on few Firewall Policy's. Now, I have enabled on all policy's.
Now, I am able to see live Traffic logs in FAZ,
ok
but still "no matching log data" in reports.
Maybe logs are not full indexed yet. Wait some time or reindex logs.
How to create a schedule to get live traffic report ?
'live traffic' means to me similar 'realtime', so i cannot see a 'schedule' for that
In another sense, configure your desired report and define a schedule is straightforward.
Look for FAZ 4.x docs in fortidocs site.
One more thing, for both FG and FAZ devices TAC support and FortiGuard Services are expired.
So, is this lead to any issues, in terms of logs & Reports ?
Not in those terms; you can run available reports in that firmware version.
However you couldn't upgrade firmware or get support from Fortinet
I am also trying to block few website using web filer, but its no working.
You couldn't use fortiguard webfilter without respective contract.
You could block websites using static urlfilter list, but this is a topic for another forum, not for FAZ one.
Hope it helps
regards
regards
/ Abel
regards
/ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Abel,
Now I able to see reports traffic, as per the schedule.
But it shows only IP address in all reports, instead Hostnames/website names.
For example, I want to see top usage web site names under "Top Destination Volume". But it shows only IP address.
My FAZ is configured with external DNS server IP's. We dont have internal DNS servers.
Can you suggest, please.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FAZ use System->network->DNS setting for DNS lookups (fortiguard and reports)
Check those settings.
Check also your report layout . Each object should have "resolve host" selected to be sure.
i hope it helps
regards
/ Abel
regards
/ Abel
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Abel,
Thank you for the suggestion.
I dont see any option like Lookup for Reports / Resolve hosts, under System--Network--DNS. There is only Primary DNS and Second DNS server IP address, which we have configured with external DNS Server IP's.
But, I have enabled "Resolve Host" and "Resolve service" on all charts under Report Layout. Then, I am able see services resolved in Reports (http, https etc). Still internal and external IP address are not resolved.
One more new question: In the reports, I see the traffic volume is visible in MB (Mega Bytes). We have 15Mbps Internet bandwidth from ISP. So, I want to get the reports to compare the Bandwidth usage (in bps), instead traffic volume (in MB).
Can you please suggest.
Related Posts
- Forward traffic from Fortigate not showing... 85 Views
- FortiAnalyzer "No Data" in Chart Builder,... 305 Views
- Incident Timeline is not showing up... 191 Views
- FortiAnalyzer Handlers 416 Views
- FortiGates unable to connect to FAZ... 1193 Views
Labels
-
FortiGate
6,457 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.