AI Threat Analytics troubleshooting and debugging
You can use the following tools to diagnose and troubleshoot Threat Analytics issues in FortiADC.
Dashboard
From the FortiADC main dashboard, statuses relating to Threat Analytics is displayed in several widgets.
License
From the License widget, you can check the status of your Threat Analytics service license. You must have a Threat Analytics service license in order to use this integrated service for FortiADC logs. You will not be able to connect to the FortiWeb Cloud server without a valid license.
Security Fabric
From the Security Fabric widget, you can check the status of the Threat Analytics connector.
Threat Analytics
The Threat Analytics dashboard widget displays the connection status to the FortiWeb Cloud server and the status of the FortiADC attack log forwarding.
Threat Analytics connector
When you enable the Threat Analytics connector, the Fortinet AI Threat Analytics service license status will display.
The and icons indicate whether the Threat Analytics connector has successfully connected to the FortiWeb Cloud server. If the connection is down , FortiADC will first perform an inspection of the Fortinet AI Threat Analytics license status to determine whether the connection issue is caused by an invalid license. If a valid Fortinet AI Threat Analytics license exists, then further troubleshooting may be required to determine the root cause of the Threat Analytics connector issue.
Icon |
Threat Analytics connector status |
Guidelines |
---|---|---|
Connected |
The FortiADC is successfully connected to the FortiWeb Cloud server. | |
|
Valid License |
A valid license for Fortinet AI Threat Analytics service is present. The Threat Analytics connector is unable to connect to the FortiWeb Cloud server due to issues other than the license status. Further troubleshooting is recommended, such as checking your network settings. |
|
14-day Trial Started |
The 14-day evaluation license for Fortinet AI Threat Analytics service has been activated, but has not yet expired. The Threat Analytics connector is unable to connect to the FortiWeb Cloud server due to issues other than the license status. Further troubleshooting is recommended, such as checking your network settings. |
|
14-day Trial Expired |
The 14-day evaluation license for Fortinet AI Threat Analytics service has expired. The Threat Analytics connector is unable to connect to the FortiWeb Cloud server due to invalid license. Please contact the Fortinet Sales team to purchase the Fortinet AI Threat Analytics service license to continue using AI Threat Analytics. |
|
14-day Trial Not Started |
The 14-day evaluation license for Fortinet AI Threat Analytics service did not activate because FortiWeb Cloud was unable to identify the connecting FortiADC through the Fortinet Support Contract Email ID. FortiWeb Cloud requires the Email ID registered to the Fortinet Support Contract to identify and connect your FortiADC to the AI Threat Analytics service. When you attempt to enable the Threat Analytics connector before logging into your Fortinet Support Contract from FortiADC, the Threat Analytics connector will fail to connect. Please ensure to log into your Fortinet Support Contract from the System > FortiGuard page. |
|
No license. |
There is no basic FortiADC license. If the FortiADC is on a trial license, you also cannot activate the 14-day Evaluation License. Please contact the Fortinet Sales team to purchase a FortiADC license. |
CLI commands to view debug logs relating to AI Threat Analytics
Command |
Guidelines |
---|---|
diagnose debug module wassd |
To view the debug information of the wassd daemon. The wassd daemon forms the connection between FortiADC and FortiWeb Cloud and performs several integral functions when AI Threat Analytics is enabled. This includes the following:
Note: The wassd daemon is create for AI Threat Analytics and executes the |
diagnose debug module miglogd syslog |
To view the debug information for the miglogd syslog. AI Threat Analytics functionality requires FortiADC to send the attack logs to the FortiWeb Cloud via syslog (system logging protocol) that uses TCP SSL. In the case where communication issues arise between FortiADC and FortiWeb Cloud, you can use the |
diagnose system threat-analytics info |
To view the system information for AI Threat Analytics. |