Description
This article provides basic troubleshooting steps for when logs are not displayed in FortiView.
Useful links:
Logging FortiGate traffic
Logging FortiGate traffic and using FortiView
Solution
Log traffic must be enabled in firewall policies:
#config firewall policy
# edit <Policy_id>
# set logtraffic all/utm
#end
Check the log settings and select from the following:
#config log setting
#set
resolve-ip Add resolved domain name into traffic log if possible.
resolve-port Add resolved service name into traffic log if possible.
log-user-in-upper Enable/disable collect log with user-in-upper.
fwpolicy-implicit-log Enable/disable collect firewall implicit policy log.
fwpolicy6-implicit-log Enable/disable collect firewall implicit policy6 log.
log-invalid-packet Enable/disable collect invalid packet traffic log.
local-in-allow Enable/disable collect local-in-allow log.
local-in-deny-unicast Enable/disable collect local-in-deny-unicast log.
local-in-deny-broadcast Enable/disable collect local-in-deny-broadcast log.
local-out Enable/disable collect local-out log.
daemon-log Enable/disable collect daemon log.
neighbor-event Enable/disable collect neighbor event log.
brief-traffic-format Enable/disable use of brief format for traffic log.
user-anonymize Enable/disable anonymize log user name.
expolicy-implicit-log Enable/disable collect explicit proxy firewall implicit policy log.
log-policy-comment Enable/disable insertion of policy comment in to traffic log.
#end
Example:
#set resolve-ip enable
Configure where the logs will be sent:
#config log memory/disk/fortianalyzer/syslogd setting
# set status enable
#end
Select the source of the log information in FortiView:
#config log gui-display
#set location
memory Display memory log.
disk Display disk log.
fortianalyzer Display FortiAnalyzer log.
forticloud Display FortiCloud log.
#end
Check that the severity is set to information, to view ALL the logs from the lowest severity level:
#config log memory/disk/fortianalyzer/syslogd filter
#set severity information
#set
forward-traffic : enable
local-traffic : enable
multicast-traffic : enable
sniffer-traffic : enable
anomaly : enable
voip : enable
dns : enable
filter :
filter-type : include
Execute the following to restart the miglogd process:
#diag sys top 2 50
Wait a few seconds for the output, then note the PID of miglogd; in this example it is "55":
newcli 2151 R 1.4 1.0
sshd 2149 S 0.4 0.7
httpsd 147 S 0.0 1.6
pyfcgid 2147 S 0.0 1.5
miglogd 55 S 0.0 1.4
NOTE: Since 6.2, the process ID can be found via:
# diag sys process pidof miglog
Restart the process by killing it with its PID:
#diag sys kill 11 <PID>
With the PID from this example:
#diag sys kill 11 55
Alternatively, use the following command to restart all miglogd processes at once:
#fnsysctl killall miglogd
Run a log test:
#diag log test
To view the logs in FortiView from the FortiGate GUI, either:
- Log off and log on again
- Refresh the page
The logs will be shown under Log & Report.
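The configuration checks above (policy logtraffic, log destination status, FortiView log source, filter severity) can also be run offline against saved configuration text. The Python script below is an added example, not Fortinet code. It assumes "show full-configuration" style input where every option is written out; the names parse, audit and SAMPLE and the sample configuration are constructed for illustration.

```python
SAMPLE = """\
config firewall policy
    edit 1
        set logtraffic all
    next
    edit 2
        set logtraffic disable
    next
end
config log memory setting
    set status enable
end
config log disk setting
    set status disable
end
config log gui-display
    set location disk
end
config log memory filter
    set severity warning
end
"""  # constructed sample in "show full-configuration" style, not from a real device

def parse(text):  # -> {(top-level section, edit id or None): {option: value}}
    out, stack, entry = {}, [], None
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end":  # leaving the top-level block also clears the edit id
            stack, entry = stack[:-1], (entry if len(stack) > 1 else None)
        elif len(stack) == 1 and tok[0] == "edit":
            entry = tok[1]
        elif len(stack) == 1 and tok[0] == "set" and len(tok) > 2:
            out.setdefault((stack[0], entry), {})[tok[1]] = " ".join(tok[2:])
    return out

def audit(text):  # findings for the settings this article says to check
    cfg, findings = parse(text), []
    for (section, entry), opts in cfg.items():
        if section == "firewall policy" and opts.get("logtraffic", "all") not in ("all", "utm"):
            findings.append(f"policy {entry}: logtraffic={opts['logtraffic']}")
        if section.startswith("log ") and section.endswith(" filter") and opts.get("severity") != "information":
            findings.append(f"{section}: severity={opts.get('severity')}")
    loc = cfg.get(("log gui-display", None), {}).get("location")
    status = cfg.get((f"log {loc} setting", None), {}).get("status")
    if loc in ("memory", "disk", "fortianalyzer") and status != "enable":  # forticloud not covered
        findings.append(f"FortiView reads from {loc}, but 'log {loc} setting' status={status}")
    return findings

print("\n".join(audit(SAMPLE)))
```

An empty result means the checked settings match what this article recommends; it does not replace the miglogd restart or the log test above.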
Related Articles
Technical Note : Logs not displayed because of corrupted flash memory