Solved

Fortianalyzer

Posted on 2013-05-15
Last Modified: 2013-05-23
We have a FortiAnalyzer and it is not seeing any logs when we go to Logs and Archive, but according to the device statistics from the dashboard, it shows that the FortiAnalyzer is collecting logs just fine. Testing connectivity from the FortiGate appliance to the analyzer works too. It is just when we try to generate reports or try to look at the logs using the Log and Archive option, it doesn't show any updated logs. It just shows logs from several months ago.

Does anyone have any idea on what the issue might be related to this?

thanks,
paula
Question by:LateNaite
Accepted Solution

by:
btan earned 500 total points
ID: 39171248
Actually, for FortiAnalyzer, the first place to check is the troubleshooting section of the admin guide (pg 294), e.g.
http://docs.fortinet.com/fa/fortianalyzer-admin-40-mr3.pdf

There are a couple of "closely related" issues, e.g.
"No logs received with encryption enabled between a FortiGate unit and a FortiAnalyzer unit" and "HA log issue"

Also, you may want to check out the sections below:
- FortiAnalyzer - System Registration
- FortiAnalyzer Funkiness

http://firewallguru.blogspot.sg/search?q=FortiAnalyzer+

Also, just in case you want to verify the connectivity testing, here are the various means to do a quick connection check with a test log:

http://docs.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Log_Report/cb_log_backup%20solution.html

Before configuring the FortiGate unit, ensure both the FortiGate unit and the FortiAnalyzer unit have the same firmware version and maintenance release. If both do not have the same firmware version and maintenance release, issues may arise, such as being unable to send logs to the FortiAnalyzer unit.

To test the connection other than using the web-based manager, in the CLI use diag log test command. This command sends logs to the FortiAnalyzer unit. To verify the number of logs sent, failed, dropped or buffered to the FortiAnalyzer unit, use the diag fortianalyzer-log mgstats show command. Go to the FortiAnalyzer unit, and under Log & Archive, view the logs that you just sent from your FortiGate device.

If you are not seeing any logs on the FortiAnalyzer unit, verify that the device has been included in the Devices menu list.
Question has a verified solution.
