Problem :- Logs from the FortiGate are not being received on the FortiAnalyzer in real time
Troubleshooting steps :- please find below
1. Ping, tracert and telnet to port 514 from the FortiGate:
   a) # exec ping x.x.x.x       (x.x.x.x = the FortiAnalyzer IP)
   b) # exec telnet x.x.x.x 514
   c) # exec tracert x.x.x.x
2. If connectivity is fine, check the FortiAnalyzer logging status from the FortiGate:
# exec log fortianalyzer test-connectivity
# get log fortianalyzer setting status
3. If the output looks like the one below, connectivity is fine but logs are still not being received (note the "log not received" marker on the Log line):
FW-01 # exec log fortianalyzer test-connectivity
FortiAnalyzer Adom Name: root
FortiGate Device ID: FGTXXXXXXXX
Adom Disk Space (Used/Allocated): 164980780086B/2199023255552B
Analytics Usage (Used/Allocated): 150004597851B/1539316278886B
Analytics Usage (Data Policy Days Actual/Configured): 32/60 Days
Archive Usage (Used/Allocated): 14976182235B/659706976666B
Archive Usage (Data Policy Days Actual/Configured): 47/365 Days
Log: Tx & Rx (log not received)
IPS Packet Log: Tx & Rx
Content Archive: Tx & Rx
Quarantine: Tx & Rx
4. This points to a resource issue: the fortilogd service on the FortiAnalyzer was stuck, so the received logs were not being inserted into the database.
5. Open the FortiAnalyzer console and restart the fortilogd service with the command below.
# diag test app fortilogd 99
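As an added example (not part of the original write-up), a Python helper that parses the test-connectivity output shown in step 3 and flags what is otherwise checked by eye: a channel note such as "log not received" (transport up, collector not ingesting) and any quota that is nearly full. The sample output is constructed from the block above, and the disk-usage threshold is an assumed value.

```python
import re

# Constructed sample: the "exec log fortianalyzer test-connectivity" output
# quoted in step 3 above (device ID kept as a placeholder).
SAMPLE_OUTPUT = """\
FortiAnalyzer Adom Name: root
FortiGate Device ID: FGTXXXXXXXX
Adom Disk Space (Used/Allocated): 164980780086B/2199023255552B
Analytics Usage (Used/Allocated): 150004597851B/1539316278886B
Analytics Usage (Data Policy Days Actual/Configured): 32/60 Days
Archive Usage (Used/Allocated): 14976182235B/659706976666B
Archive Usage (Data Policy Days Actual/Configured): 47/365 Days
Log: Tx & Rx (log not received)
IPS Packet Log: Tx & Rx
Content Archive: Tx & Rx
Quarantine: Tx & Rx
"""

USAGE_RE = re.compile(r"^(?P<name>.+?) \(Used/Allocated\): (?P<used>\d+)B/(?P<alloc>\d+)B$")
CHANNEL_RE = re.compile(  # "<channel>: <state>" plus an optional "(note)"
    r"^(?P<name>Log|IPS Packet Log|Content Archive|Quarantine): "
    r"(?P<state>[^(]+?)(?: \((?P<note>[^)]*)\))?$"
)

def parse_test_connectivity(output):
    """Return {'usage': {...}, 'channels': {...}} parsed from the CLI output."""
    result = {"usage": {}, "channels": {}}
    for line in output.splitlines():
        line = line.strip()
        m = USAGE_RE.match(line)
        if m:
            used, alloc = int(m["used"]), int(m["alloc"])
            pct = round(100.0 * used / alloc, 1) if alloc else None
            result["usage"][m["name"]] = {"used": used, "allocated": alloc, "percent": pct}
            continue
        m = CHANNEL_RE.match(line)
        if m:
            result["channels"][m["name"]] = {"state": m["state"], "note": m["note"]}
    return result

def find_problems(parsed, disk_warn_percent=90.0):
    """A channel note means the link is up but logs are not being ingested
    (the fortilogd symptom); a near-full quota is the resource angle.
    disk_warn_percent is an assumed threshold, not a Fortinet value."""
    problems = [f"{n}: {c['note']}" for n, c in parsed["channels"].items() if c["note"]]
    for name, u in parsed["usage"].items():
        if u["percent"] is not None and u["percent"] >= disk_warn_percent:
            problems.append(f"{name}: {u['percent']}% used")
    return problems
```

Run `find_problems(parse_test_connectivity(SAMPLE_OUTPUT))` on the sample and the only finding is the "Log: log not received" channel, which is exactly the case that leads to the fortilogd restart in step 5.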
Solution :- After the service restart, real-time logs are received again.
Monitor the system; if the issue reoccurs, collect the following before restarting the service and contact the TAC team for further analysis.
1) The output of the command:
execute tac report
2) Download the FortiAnalyzer event logs under "System Settings >> Event Log": from the top right, click "Download >> Download file in the normal format" and attach them to the ticket notes.
3) From shell
a) First, enable shell:
#config sys admin setting
#set shell-access enable
Enter new password: <<– it can be blank
Confirm new password:
b) Enter the shell and run the command dmesg