FortiAnalyzer
jstan
Staff
Article Id 196867

Description

This article explains how to locate the anomaly logs in the FortiAnalyzer.


Solution
First, verify that the FortiAnalyzer receives logs properly from FortiGate.

To check that logs arrive on FortiAnalyzer, run the following command on the FortiGate CLI. It generates one test message for each log category, including an anomaly log:

fgt (root) # diag log test
generating a system event message with level – warning
generating an infected virus message with level – warning
generating a blocked virus message with level – warning
generating a URL block message with level – warning
generating a DLP message with level – warning
generating an IPS log message
generating an anomaly log message
generating an application control IM message with level – information
generating an IPv6 application control IM message with level – information
generating deep application control logs with level – information
generating an antispam message with level – notification
generating an allowed traffic message with level – notice
generating a multicast traffic message with level – notice
generating a ipv6 traffic message with level – notice
generating a wanopt traffic log message with level – notification
generating a HA event message with level – warning
generating a VOIP event message with level – information
generating authentication event messages
generating a Forticlient message with level – information
generating a URL block message with level – warning
generating a DNS message with level – warning
generating an ssh-command pass log with level – notification
generating an ssh-channel block with level – warning

On FortiAnalyzer, check whether the test logs appear under the Log View tab. Depending on the FortiGate log upload setting (real time, or store and upload), it can take a few minutes for the logs to populate.
For example, the test antivirus messages appear under Log View > Antivirus (Log View > Security > Antivirus, depending on the FortiAnalyzer version).

If FortiAnalyzer did not receive any logs, see the Fortinet Knowledge Base article on diagnosing connectivity issues between FortiGate and FortiAnalyzer.

Note: under Log View > Security there is no separate Anomaly category, because anomaly logs are stored under the Intrusion Prevention category together with the IPS signature logs.

To locate the anomaly logs, go to Log View > Security > Intrusion Prevention and add the filter Event Type = anomaly; only the anomaly logs are then displayed.
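The same filtering can be applied offline to raw FortiOS log lines, for example to logs exported from FortiAnalyzer or received over syslog. The following Python script is an added example, not code from Fortinet or from this article: it parses the key=value log format, shows that both IPS signature hits (subtype ips) and anomaly detections (subtype anomaly) belong to the Intrusion Prevention category, and isolates the anomaly entries by the eventtype field. The sample log lines, log IDs and addresses are constructed for illustration and the field values (type, subtype, eventtype) are assumed to match what the device writes.

```python
import re
from typing import Dict, List

# Constructed sample lines in FortiOS key=value log format, modelled on the
# messages "diag log test" produces. Values are illustrative, not captured
# from a real device.
SAMPLE_LOGS = [
    'date=2024-01-15 time=10:02:11 logid="0720018432" type="utm" subtype="anomaly" '
    'eventtype="anomaly" level="alert" vd="root" severity="critical" srcip=10.1.100.11 '
    'dstip=172.16.200.55 proto=6 action="detected" attack="tcp_syn_flood" count=2000',
    'date=2024-01-15 time=10:02:12 logid="0419016384" type="utm" subtype="ips" '
    'eventtype="signature" level="alert" vd="root" severity="high" srcip=10.1.100.12 '
    'dstip=172.16.200.55 proto=6 action="dropped" attack="Test.Signature"',
    'date=2024-01-15 time=10:02:13 logid="0211008192" type="utm" subtype="virus" '
    'eventtype="infected" level="warning" vd="root" srcip=10.1.100.13 '
    'dstip=172.16.200.55 action="blocked" virus="EICAR_TEST_FILE"',
    'date=2024-01-15 time=10:02:14 logid="0000000013" type="traffic" subtype="forward" '
    'level="notice" vd="root" srcip=10.1.100.14 dstip=172.16.200.55 action="accept"',
]

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortios_log(line: str) -> Dict[str, str]:
    """Parse one FortiOS log line into a dict, with surrounding quotes removed."""
    record: Dict[str, str] = {}
    for m in _KV.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        record[m.group(1)] = quoted if quoted is not None else bare
    return record


def in_ips_category(rec: Dict[str, str]) -> bool:
    """True for records FortiAnalyzer files under Security > Intrusion Prevention.

    Both IPS signature logs (subtype=ips) and anomaly/DoS logs (subtype=anomaly)
    are UTM logs that land in that one view; there is no separate anomaly view.
    """
    return rec.get("type") == "utm" and rec.get("subtype") in ("ips", "anomaly")


def is_anomaly(rec: Dict[str, str]) -> bool:
    """The equivalent of the GUI filter 'Event Type = anomaly'."""
    return rec.get("eventtype") == "anomaly"


def find_anomaly_logs(lines: List[str]) -> List[Dict[str, str]]:
    """Return only the anomaly records from a list of raw log lines."""
    parsed = (parse_fortios_log(line) for line in lines)
    return [rec for rec in parsed if in_ips_category(rec) and is_anomaly(rec)]


def category_counts(lines: List[str]) -> Dict[str, int]:
    """Count records per (type, subtype), mirroring the Log View categories."""
    counts: Dict[str, int] = {}
    for line in lines:
        rec = parse_fortios_log(line)
        key = f'{rec.get("type")}/{rec.get("subtype")}'
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    print("records per category:", category_counts(SAMPLE_LOGS))
    for rec in find_anomaly_logs(SAMPLE_LOGS):
        print("anomaly:", rec["date"], rec["time"], rec["attack"],
              rec["srcip"], "->", rec["dstip"], rec["action"])
```

Running the script lists one anomaly record (the constructed tcp_syn_flood entry) while the IPS signature entry, which shares the Intrusion Prevention category, is left out; that is exactly what the Event Type = anomaly filter does in the FortiAnalyzer GUI.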