Created on 04-12-2019 01:45 AM Edited on 04-08-2022 11:25 AM By Anonymous
Description
This article explains how to locate the anomaly logs in the FortiAnalyzer.
Solution
First, verify that the FortiAnalyzer receives logs properly from FortiGate.
In order to verify if the logs are received on FortiAnalyzer, run the following command on the FortiGate CLI to generate some test logs:
#diag log test
fgt (root) # diag log test
generating a system event message with level – warning
generating an infected virus message with level – warning
generating a blocked virus message with level – warning
generating a URL block message with level – warning
generating a DLP message with level – warning
generating an IPS log message
generating an anomaly log message
generating an application control IM message with level – information
generating an IPv6 application control IM message with level – information
generating deep application control logs with level – information
generating an antispam message with level – notification
generating an allowed traffic message with level – notice
generating a multicast traffic message with level – notice
generating a ipv6 traffic message with level – notice
generating a wanopt traffic log message with level – notification
generating a HA event message with level – warning
generating a VOIP event message with level – information
generating authentication event messages
generating a Forticlient message with level – information
generating a URL block message with level – warning
generating a DNS message with level – warning
generating an ssh-command pass log with level – notification
generating an ssh-channel block with level – warning
From FortiAnalyzer, check whether any logs are received under the Log View tab. It may take a few minutes for the logs to populate, depending on the log upload setting on the FortiGate (real-time or store-and-upload).
Log View > Antivirus
Log View > Security > Antivirus
If FortiAnalyzer did not receive any logs, consult Fortinet's Knowledge Base to diagnose connectivity issues between FortiGate and FortiAnalyzer.
Note: In FortiAnalyzer, under Log View > Security, there is no separate anomaly category, because anomaly logs are stored under the Intrusion Prevention category. To locate the anomaly logs, go to Log View > Security > Intrusion Prevention and add a filter for Event Type = anomaly; the anomaly logs should then be displayed.
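The same distinction applies when working with the raw FortiGate logs outside FortiAnalyzer (for example, a syslog export): anomaly logs sit alongside IPS logs and are told apart by their type/subtype field, not by a category of their own. The following Python is an added example, not Fortinet code; it parses FortiGate-style key=value log lines and applies the equivalent of the Event Type = anomaly filter. The sample lines and their field values are constructed for illustration, and the assumption is that anomaly logs carry type="anomaly" or subtype="anomaly".

```python
import re
from typing import Dict, List

# FortiGate logs are space-separated key=value pairs; values that contain
# spaces are double-quoted. This regex matches one pair, quoted or not.
_PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Parse one FortiGate log line into a dict, stripping value quotes."""
    fields: Dict[str, str] = {}
    for key, value in _PAIR.findall(line):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def is_anomaly_log(fields: Dict[str, str]) -> bool:
    """Anomaly (DoS policy) logs share the IPS table in FortiAnalyzer and are
    identified by their type/subtype (assumed here to be "anomaly")."""
    return fields.get("type") == "anomaly" or fields.get("subtype") == "anomaly"


def locate_anomaly_logs(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed records that would match Event Type = anomaly."""
    return [f for f in map(parse_fortigate_log, lines) if is_anomaly_log(f)]


# Constructed sample lines: a traffic log, an IPS log and an anomaly log.
# All values are illustrative, not output from a real device.
SAMPLE_LOGS = [
    'date=2019-04-12 time=01:45:01 logid="0000000013" type="traffic" subtype="forward" '
    'level="notice" vd="root" srcip=10.0.0.5 dstip=10.0.1.9 action="accept"',
    'date=2019-04-12 time=01:45:02 logid="0419016384" type="utm" subtype="ips" '
    'level="alert" vd="root" severity="high" srcip=10.0.0.7 dstip=10.0.1.9 '
    'attack="Example.Signature" action="dropped" msg="IPS test: signature match"',
    'date=2019-04-12 time=01:45:03 logid="0720018432" type="anomaly" subtype="anomaly" '
    'level="alert" vd="root" severity="critical" srcip=10.0.0.8 dstip=10.0.1.9 '
    'attack="tcp_syn_flood" action="clear_session" '
    'msg="anomaly: tcp_syn_flood, 2000 > threshold 1000"',
]

if __name__ == "__main__":
    for entry in locate_anomaly_logs(SAMPLE_LOGS):
        print(entry["type"], entry["subtype"], entry["attack"], entry["msg"])
```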