Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ppatel
Staff
Staff

Created on ‎08-30-2021 06:16 AM Edited on ‎12-15-2021 07:17 AM By Anonymous

Article Id 193594

Technical Tip: FSSO is missing logon information and 'Error: Insufficient buffer' is present in Collector Agent logs (debug)

Description
When enabling features at the DC, it is possible to start generating event logs that are too big to fit the FSSO CA buffer for processing and due to this the Collector Agent can miss some user logon events when monitoring method 'Check Windows Security Event Logs' is utilized.

When event record is too big to fit the FSSO CA buffer, it will raise an error called ERROR_INSUFFICIENT_BUFFER and the Collector Agent will skip this record.

Scope
For FSSO Collector Agent.

Solution
Switch the polling method to use the WMI.
For more information about FSSO monitoring methods check related article.

Note.
This behavior is implemented since FSSO 5.0272 (in previous releases the FSSO processing get stuck).

Labels:
652
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.