Solved

Fortianalyzer

Posted on 2013-05-15
1
3,959 Views
Last Modified: 2013-05-23
We have a fortianalyzer and it is not seeing any logs when we go to Logs and Archive but according to the device statistics from the dashboard, it shows that the fortianalyzer is collecting logs just fine.  Testing connectivity from the Fortigate appliance works too to the analyzer.  It is just when we try to generate reports or try to look at the logs using the log and archive option, it doesn't show any updated logs.  It just shows logs from several months ago.

Does anyone have any idea on what the issue might be related to this?

thanks,
paula
0
Comment
Question by:LateNaite
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 39171248
actually for fortianalyzer, the first place to check is the admin guide on the troubleshooting section (pg294). E.g.
http://docs.fortinet.com/fa/fortianalyzer-admin-40-mr3.pdf

There are couple of "closely related" issues e.g.
"No logs received with encryption enabled between a FortiGate unit and a FortiAnalyzer unit" and "HA log issue"

also you may want to check out below section:
- FortiAnalyzer - System Registration
- FortiAnalyzer Funkiness

http://firewallguru.blogspot.sg/search?q=FortiAnalyzer+

also just in case you want to verify the connectivity testing and the various means to do a quick connect check with test log

http://docs.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Log_Report/cb_log_backup%20solution.html

Before configuring the FortiGate unit, ensure both the FortiGate unit and the FortiAnalyzer unit have the same firmware version and maintenance release. If both do not have the same firmware version and maintenance release, issues may arise, such as being unable to send logs to the FortiAnalyzer unit.

To test the connection other than using the web-based manager, in the CLI use diag log test command. This command sends logs to the FortiAnalyzer unit. To verify the number of logs sent, failed, dropped or buffered to the FortiAnalyzer unit, use the diag fortianalyzer-log mgstats show command. Go to the FortiAnalyzer unit, and under Log & Archive, view the logs that you just sent from your FortiGate device.

If you are not seeing any logs on the FortiAnalyzer unit, verify that the device has been included in the Devices menu list.
0

Featured Post

 Database Backup and Recovery Best Practices

Join Percona’s, Architect, Manjot Singh as he presents Database Backup and Recovery Best Practices (with a Focus on MySQL) on Thursday, July 27, 2017 at 11:00 am PDT / 2:00 pm EDT (UTC-7). In the case of a failure, do you know how long it will take to restore your database?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question