Helpful ReplyHot!FGT60E 5.4.1 not showing forward traffic logs and forticloud issue

Author
Paul S
Gold Member
  • Total Posts : 168
  • Scores: 8
  • Reward points: 0
  • Joined: 2011/05/02 16:49:52
  • Status: offline
2016/08/22 19:55:33 (permalink)
0

FGT60E 5.4.1 not showing forward traffic logs and forticloud issue

using standalone FG60E v5.4.1, logging to memory and forticloud (if I can get it working).
 
forward traffic logs are blank. I tried UTM events, all session and web profile "log-all-urls". log still blank.
 
also the forticloud test account button does not work and the account box is blank, but cannot be changed.

FG200D 5.6.5 (HA) - primary
FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.]
FAZ-VM 5.6.5  |  Fortimail 5.3.11
Network+, Security+
#1
awasfi_FTNT
Bronze Member
  • Total Posts : 55
  • Scores: 12
  • Reward points: 0
  • Joined: 2015/04/09 06:22:18
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/08/23 05:36:12 (permalink)
0
Hello,
 
Check the following:
config  log  memory filter
get                               <<-- list all options
Make sure forward-traffic logs enabled. If not then:
set forward-traffic enable
end
 
The same for FortiCloud:
config  log  fortiguard filter
set forward-traffic enable
end
 
Enable "Log Allowed Traffic" and select "All Sessions" on the firewall policy.
 
Make sure you display logs from the correct location(GUI):
"Log & Report >> Log Settings >> GUI Preferences >> Memory/FortiCloud"
 
FortiCloud you need to register the account first before using it (It's different than the account used for support portal). Under "Dashboard >> License Information" locate FortiCloud and register it then it should be available.
 
Regards,
 
#2
Paul S
Gold Member
  • Total Posts : 168
  • Scores: 8
  • Reward points: 0
  • Joined: 2011/05/02 16:49:52
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/08/23 12:08:49 (permalink)
0
I will do this. I like the CLI, but many of my colleagues do not.
 
Is there a way in the GUI to do this?

FG200D 5.6.5 (HA) - primary
FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.]
FAZ-VM 5.6.5  |  Fortimail 5.3.11
Network+, Security+
#3
awasfi_FTNT
Bronze Member
  • Total Posts : 55
  • Scores: 12
  • Reward points: 0
  • Joined: 2015/04/09 06:22:18
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/08/23 23:14:15 (permalink)
0
Hello,
 
Not every option available from CLI, however forward-traffic should be enabled by default.
It looks like the issue is the GUI location where you displaying the logs from.
 
Regards,
#4
Jaywant
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/10/27 22:24:49
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/10/05 06:54:48 (permalink)
0
Hello All,
 
I am also facing same issue but on FG60D and FG80C both has v5.4.1
Though policies got All traffic monitor and Log settings also has set forward-raffic enable
No logs under forward traffic logs.
 
It simply shows "No matching entries found." Though nothing has been filtered out...
 
Thanks
 
 
#5
fl0at0xff
Bronze Member
  • Total Posts : 39
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/08/23 00:13:56
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/10/20 22:33:03 (permalink)
0
Hello. I have the same problem (or a similar one) with Fortigate 60D / E 5.4.1 and with FortiWifi 60E. I just have lan and WAN connected, one policy to allow LAN to WAN all traffic with Log All Session enable. My devices connected to LAN interfaces are able to surf on the internet (policy and default route created). This policy rules log all sessions. In the log settings, I log all that I want on the memory and I display log from memory. But when I want to see log, I just see Deny: IP Connection Error.

I can't see allowed trafic and other potential deny. This is very strange because these log entries match my unique policy "LAN to WAN".
#6
emnoc
Expert Member
  • Total Posts : 5158
  • Scores: 333
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/10/21 04:26:47 (permalink)
0
This might help, beneficial for forticloud diagnostics
 
 
http://socpuppet.blogspot.com/2014/07/how-to-diagnostic-forticloud-issues-52ga.html
 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#7
Justfly
New Member
  • Total Posts : 3
  • Scores: 2
  • Reward points: 0
  • Joined: 2012/05/01 06:12:09
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2017/01/05 10:23:28 (permalink)
0
Hi everybody,
 
I have the same issue (no log entry for forward traffic) as user  fl0at0xff .
We use a FortiWifi 60E (firmware 5.4.3)
 
Is there any solution for this problem?
 
Thanks a lot,
Justfly
#8
boneyard
Gold Member
  • Total Posts : 126
  • Scores: 6
  • Reward points: 0
  • Joined: 2014/07/30 11:15:18
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2017/01/08 05:32:37 (permalink)
0
Justfly can you please start a new thread? there are already three totally different situations in this one and yours is different also, just because it is now about version 5.4.3.
 
so new thread and show related configuration (policies, log settings, ...), what you are exactly looking at (fortianalyzer, forticloud, fortigate, ..?) screenshot of what you do see.
 
 
#9
ikovac
New Member
  • Total Posts : 9
  • Scores: 2
  • Reward points: 0
  • Joined: 2013/10/07 00:34:43
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2017/01/09 02:04:49 (permalink)
0
I have the same thing on FWF60C FortiOS ver 5.2.10. I guess FortiCloud service is not working properly. Here is what I have tried: https://forum.fortinet.com/FindPost/144556
 
For me it stopped working on 08.01.2017 at 18:05 CET
 
This is the result of the diag test that is not good: 
 
diag test application forticldd 3
Debug zone info:
    Home log server: 0.0.0.0:0
    Alt log server: 0.0.0.0:0
    Active Server IP:      0.0.0.0
    Active Server status:  unknown
 
Do you have the same result if you try this diag test?
post edited by ikovac - 2017/01/09 02:06:41
#10
Justfly
New Member
  • Total Posts : 3
  • Scores: 2
  • Reward points: 0
  • Joined: 2012/05/01 06:12:09
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2017/01/13 11:10:19 (permalink) ☄ Helpfulby nhashem 2019/01/28 07:19:04
5 (1)
Hi,
I had the same problem.
Use the following commands to show allowed traffic in memory log.
 
config log memory filter
set severity information
end
 
Regards,
Justfly
 
#11
jeskudero
New Member
  • Total Posts : 12
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/04/11 06:18:12
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/04/11 06:27:57 (permalink)
0
Hello
 
I dont know if this post is closed but i put my doubt here.
 
I have similar issue than the others. I can´t see the forward traffic that is going trouhgt the fortigate (60E) in the GUI, but i have configured the syslogd to send the logs to an ELK server and i can see them getting rigth.
Here some information about the config:
 
FGT60E (global) # config log syslogd setting
FGT60E (setting) # get
status              : enable
server              : 192.168.X.X
reliable            : disable
port                : 5514
csv                 : disable
facility            : local7
source-ip           :


 
FGT60E (global) # config log syslogd filter
FGT60E (filter) # get
severity            : information
forward-traffic     : enable
local-traffic       : enable
multicast-traffic   : enable
sniffer-traffic     : enable
anomaly             : enable
voip                : enable
filter              :
filter-type         : include



The only thing i see is DNS message errors. like in this other post (https://forum.fortinet.com/tm.aspx?m=157361&high=forward+traffic+log)
 
post edited by jeskudero - 2018/04/11 07:38:11
#12
boneyard
Gold Member
  • Total Posts : 126
  • Scores: 6
  • Reward points: 0
  • Joined: 2014/07/30 11:15:18
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/04/14 01:33:30 (permalink)
0
@jeskudero see the post above you, what are the settings for the memory logging?
#13
jeskudero
New Member
  • Total Posts : 12
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/04/11 06:18:12
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/04/15 23:25:04 (permalink)
0
I dont have those settings. I have this one:
 
FGT60E (global) # config log memory global-setting
FGT60E (global-setting) # get
max-size            : 65536
full-first-warning-threshold: 75
full-second-warning-threshold: 90
full-final-warning-threshold: 95


I have vdom-admin enable, it could be the reason?
Thanks
#14
boneyard
Gold Member
  • Total Posts : 126
  • Scores: 6
  • Reward points: 0
  • Joined: 2014/07/30 11:15:18
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/04/28 04:30:57 (permalink)
0
it could be, but then you have those other settings in the vdom (i.e. root) settings, did you check there?
#15
jeskudero
New Member
  • Total Posts : 12
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/04/11 06:18:12
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/05/01 23:36:06 (permalink)
0
Yes, thats the thing
I cuold change the "config log memory filter" in the target vdom and now it works
 
Thanks
#16
NapaCab
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/12/13 18:26:04
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/05/11 09:50:00 (permalink)
0
The D & E models that do not have local storage, have logging limitations.  Unfortunately Fortinet doesn't seem to document this, but ran into this doing a POC on a FG200E and couldn't for the life of me figure out why logging wasn't working, and then remembered that it had no local storage, only option was logging to memory (or off-box).  Swapped it for a FG201E and the on-box logging all worked as expected.

It would be great if Fortinet would write a blurb about this in their docs and save people a lot of wasted time trying to get logging functionality to work on their D and E series boxes that do not have local storage. 
 
You can confirm whether or not your FG has local storage or not by looking at the Product Matrix:  https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf
 
Notice the 30E, 50E, 60D and 60E all lack local storage (the 51E has 32GB and the 61E have 128GB):
 
Model               FG/FWF-30E      FG/FWF-50E      FG-60D      FG/FWF-60E
Local Storage     —                    32 GB (51E)      —              128 GB (61E)
#17
mhdganji
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/11/07 23:40:58
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/11/09 03:23:26 (permalink)
0
I did all these ..on my 200E
And destination is set to memory but  nothing and nothing ..
Target vdom.. set to memory : severity information ..
Driving me crazy
 
FG200E000000000 (setting) # get
status              : enable
diskfull            : overwrite

FG200E000000000 (filter) # get
severity            : information
forward-traffic     : enable
local-traffic       : disable
multicast-traffic   : enable
sniffer-traffic     : enable
anomaly             : enable
voip                : enable
filter              :
filter-type         : include

FG200E000000000 (gui-display) # get
resolve-hosts       : disable
resolve-apps        : enable
fortiview-unscanned-apps: disable
fortiview-local-traffic: disable
location            : memory

FG200E000000000 (setting) # get
resolve-ip          : disable
resolve-port        : enable
log-user-in-upper   : disable
fwpolicy-implicit-log: disable
fwpolicy6-implicit-log: disable
log-invalid-packet  : disable
local-in-allow      : enable
local-in-deny-unicast: enable
local-in-deny-broadcast: enable
local-out           : enable
neighbor-event      : disable
brief-traffic-format: disable
user-anonymize      : disable
 
#18
mhdganji
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/11/07 23:40:58
  • Status: offline
Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/11/09 03:29:27 (permalink)
0
I changed the max-size, gave a reboot and finally worked .. Pfffffff
 
 
#19
Jump to:
© 2019 APG vNext Commercial Version 5.5