FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
afornaris
Staff
Staff
Article Id 189669
Description
If the logs are not being uploaded to FortiCloud using either Realtime or Store-and-Upload methods, check the log server connections are not fluctuating using the following methods:
# diagnose test application forticldd 3 

Debug zone info: 
Home log server: 208.91.113.97:514 
Alt log server: 208.91.113.104:514 
Active Server IP: 208.91.113.97 
Active Server status: unknown 
....
Active APTServer status: up
# diagnose test application miglogd 20 

Home log server:
Address: 208.91.113.97:514, st: down 
oftp status: connecting 
spos: 0, slen: 0 
rpos: 0, rlen: 12 
Alternative log server: 
Address: 208.91.113.104:514, st: down 
oftp status: connecting

# diagnose test application forticldd 3

Debug zone info:

Home log server: 208.91.113.206:514
    Alt log server: 208.91.113.122:514
    Active Server IP:      208.91.113.206
    Active Server status:  up
    ......
    Active APTServer status:  unknown

Logs are not being uploaded to FortiCloud using either Realtime or Store-and-Upload methods.
The log server's connection status may or may not fluctuate as seen below:

# diagnose test application forticldd 3
Debug zone info: 
Home log server: 208.91.113.97:514 
Alt log server: 208.91.113.104:514 
Active Server IP: 208.91.113.97 
Active Server status: unknown 
....
Debug zone info:
Home log server: 208.91.113.97:514
Alt log server: 208.91.113.104:514
Active Server IP: 208.91.113.97
Active Server status: unknown
....
Active APTServer status: up

# diagnose test application miglogd 20
Home log server:
Address: 208.91.113.97:514, st: down
oftp status: connecting
spos: 0, slen: 0
rpos: 0, rlen: 12
Alternative log server:
Address: 208.91.113.104:514, st: down
oftp status: connecting

# diagnose test application forticldd 3
Debug zone info:
Home log server: 208.91.113.206:514
Alt log server: 208.91.113.122:514
Active Server IP:      208.91.113.206
Active Server status:  up
......
Active APTServer status:  unknown

Solution
This problem can be mitigated by disabling the resolve-ip option under log settings:
#config log setting
    set resolve-ip disable
#end

Contributors