FortiAnalyzer Logging Stops

shawnwaldman (New Member)
2018/02/27 13:50:37

I have a FortiGate 200E that is set up to log to the FortiAnalyzer. From time to time, I'll log in to the Analyzer and notice that logging has stopped. Does anyone know how to set up an alert that will notify us that logging has stopped on the FortiAnalyzer? I can fix it by logging in to the FortiGate and toggling the logging from real-time to every minute; that seems to get it going again.
 
Shawn
#1
hzhao_FTNT (Expert Member)
Re: FortiAnalyzer Logging Stops 2018/02/28 11:28:24
Hi Shawn,
 
By default, there will be some system event logs about "Device offline" as below:
 
2018-02-27 11:30:15 log_id=0029038009 type=event subtype=logdev pri=warning desc="Device offline" user="system" userfrom="system" msg="Device[xxxxxxxxxxxxxx] did not receive any log in last xx minutes."
 
In the root ADOM, you can create an event handler based on this log and enable "Send Alert Email" on it.
 
Regards,
hz
#2
emnoc (Expert Member, Austin TX area)
Re: FortiAnalyzer Logging Stops 2018/02/28 12:23:52
Agreed, and that's what we do. Generate an alert trigger for the device and devid and fire it off.
 
Ken

PCNSE, NSE, Forcepoint, StrongSwan Specialist
#3
adawson_van_FTNT (New Member)
Re: FortiAnalyzer Logging Stops 2019/01/18 13:49:58
Please be advised that in FortiAnalyzer firmware version 6.0, the default configuration has changed to 1440 minutes.
 
FAZ-VM64-Bridged # get system locallog setting
log-interval-dev-no-logging: 1440
 
Therefore, the FortiAnalyzer will wait 24 hours to perform the log check and generate a System Event Log if no logs have been received from the device.
 
However, it is important to consider that lowering this value and therefore increasing the frequency may hinder device performance.
#4
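The detection the two Fortinet replies above describe, as an added example that is not part of the thread or of Fortinet's own code: a small Python detector that matches the `type=event subtype=logdev desc="Device offline"` record hzhao_FTNT quoted, pulls the device ID and the silent-minute count out of its msg text, and reads `log-interval-dev-no-logging` from the `get system locallog setting` output adawson_van_FTNT showed, so the configured interval can be compared against the detection window you actually want. The log lines and CLI output it runs on are constructed samples in the same format (the device ID `FGT-SAMPLE-0001`, the two non-matching lines and their zeroed log_id values are placeholders), and the function names are mine.

```python
"""Detect FortiAnalyzer "Device offline" events and sanity-check the no-logging interval.

Added example, not Fortinet code. The log lines and CLI output below are
constructed samples in the format shown in the thread, not captures from a real FAZ.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# FortiAnalyzer log lines are space-separated key=value pairs; a value is either a
# bare token or a double-quoted string (which may contain spaces and brackets).
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
_TS_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})')
# msg text from the thread: Device[<id>] did not receive any log in last <n> minutes.
_MSG_RE = re.compile(r'Device\[([^\]]+)\] did not receive any log in last (\d+) minutes')
# line of interest in 'get system locallog setting' output
_INTERVAL_RE = re.compile(r'log-interval-dev-no-logging:\s*(\d+)')


@dataclass(frozen=True)
class OfflineAlert:
    timestamp: str
    log_id: str
    device_id: str
    minutes_silent: Optional[int]  # None if the msg text carried no number


def parse_kv(line: str) -> Dict[str, str]:
    """Split a key=value log line into a dict, stripping the quotes from quoted values."""
    fields: Dict[str, str] = {}
    for key, raw in _KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def detect_offline(line: str) -> Optional[OfflineAlert]:
    """Return an alert for the logdev 'Device offline' event, else None.

    Same match a FortiAnalyzer event handler in the root ADOM would make:
    type=event, subtype=logdev, desc="Device offline". Matching on the msg
    text alone is deliberately not enough (see the third sample line).
    """
    f = parse_kv(line)
    if (f.get("type"), f.get("subtype"), f.get("desc")) != ("event", "logdev", "Device offline"):
        return None
    ts = _TS_RE.match(line)
    m = _MSG_RE.search(f.get("msg", ""))
    return OfflineAlert(
        timestamp=ts.group(1) if ts else "",
        log_id=f.get("log_id", ""),
        device_id=m.group(1) if m else f.get("devid", "unknown"),
        minutes_silent=int(m.group(2)) if m else None,
    )


def scan(lines: Iterable[str]) -> List[OfflineAlert]:
    """Run the detector over a batch of lines and collect the alerts."""
    return [a for a in (detect_offline(line) for line in lines) if a is not None]


def check_interval(cli_output: str, max_minutes: int) -> Tuple[Optional[int], bool]:
    """Read log-interval-dev-no-logging from 'get system locallog setting' output.

    Returns (configured_minutes, acceptable). The offline event is only written when
    this check runs, so with the 6.0 default of 1440 no handler built on it can alert
    sooner than a day after the device goes quiet, however the handler is tuned.
    """
    m = _INTERVAL_RE.search(cli_output)
    if not m:
        return None, False
    configured = int(m.group(1))
    return configured, configured <= max_minutes


# --- constructed sample input (placeholders, not real device data) ---
SAMPLE_LOGS = [
    # the event the thread quotes; device ID and minute count are placeholders
    '2018-02-27 11:30:15 log_id=0029038009 type=event subtype=logdev pri=warning '
    'desc="Device offline" user="system" userfrom="system" '
    'msg="Device[FGT-SAMPLE-0001] did not receive any log in last 5 minutes."',
    # non-matching lines constructed to exercise the filter (log_id values are placeholders)
    '2018-02-27 11:30:16 log_id=0000000000 type=event subtype=system pri=information '
    'desc="Admin login" user="admin" msg="Administrator logged in"',
    '2018-02-27 11:30:17 log_id=0000000000 type=traffic subtype=forward '
    'msg="Device[FGT-SAMPLE-0001] did not receive any log in last 5 minutes."',
]

SAMPLE_CLI = "FAZ-VM64-Bridged # get system locallog setting\nlog-interval-dev-no-logging: 1440\n"


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(f"ALERT {alert.timestamp}: {alert.device_id} silent for "
              f"{alert.minutes_silent} min (log_id {alert.log_id})")
    configured, ok = check_interval(SAMPLE_CLI, max_minutes=60)
    print(f"log-interval-dev-no-logging={configured} minutes, within 60-minute target: {ok}")
```

Run as-is, the first sample line produces one alert and the other two are filtered out; the interval check then reports that the 1440-minute default cannot meet a 60-minute target, which is the trade-off adawson_van_FTNT's reply is about: a shorter interval (changed under the same `config system locallog setting` node; the exact `set` syntax is an assumption to confirm against your firmware's CLI reference) is the only way to get the alert sooner, at the performance cost the reply warns of.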