Resolved Issues
The following issues have been fixed in FortiAnalyzer version 5.4.0. For inquires about a particular bug, please contact Customer Service & Support.
Device Manager
| Bug ID | Description |
| 298415 | FortiAnalyzer cannot add FortiController 5103B as a syslog device. |
| 292606 | FortiAnalyzer cannot accept logs from FortiADC. |
| 279319 | Non-existing VDOMs with strange characters are displayed. |
| Bug ID | Description |
| 307732 | F3K2D-DC logs are recognized as Syslogs. |
Event Management
| Bug ID | Description |
| 299664 | The RPI field is missing from Syslog alert. |
| 287216 | Event Handlers returns SQL error: duplicated key (Alert ID) when inserting alert_logs. |
| 284440 | There is an invalid Ref Field in the FortiGate Logs. |
| 270264 | Change Device ID to Device Name in an Email subject line subject line. |
FortiView
| Bug ID | Description |
| 298726 | Top Threats may not show any results that reflect the corresponding threat logs. |
| 291597 | The Application icons are not displayed in FortiView and Log View. |
| 280309 | FortiView Resource Usage does not display peak values. |
| 280181 | FortiAnalyzer does not display IP/MAC information in DHCP logs. |
Logging
| Bug ID | Description |
| 300877 | Users are unable to choose columns when creating a table chart from dataset. |
Resolved Issues
| Bug ID | Description |
| 299509 | IPv6 logs that are sent to Syslog server via log forwarding are different from IPv6 logs that are sent directly from FortiGate. |
| 291652 | Fortilogd may be blocked by slow TCP log forwarding and stop receiving incoming logs. |
| 286804 | Search takes longer than expected and may return unexpected results. |
| 286190 | The “Last 5 min” interval option is missing from the FortiLog Time Interval List . |
| 284658 | FortiAnalyzer does not refresh the list of logs with the Go button. |
| 281953 | Advanced ADOM mixes up logs from different VDOMs. |
| 280891 | Several fields are missing when viewing FortiSandbox logs. |
| 280873 | String value in the Extension Field that is formatted using CEF is surrounded by quotes. |
| 280578 | When the Language setting is set to Japanese, FortiAnalyzer shows columns with the same heading. |
| 280192 | Base64 encoded “log-attack-context” log is not readable. |
| 280192 | Base64 encoded log-attack-context events are not readable on FortiAnalyzer. |
| 280053 | Attack Context ID for Intrusion Prevention logs are not parsed properly. |
| 278804 | FortiAnalyzer does not restrict the number for Last N days in Log View. |
| 278453 | FortiAnalyzer returns an error and stops a query when the Source IP is an invalid IP address. |
| 278077 | Traffic log table still displays the Date/Time column even though it has been disabled via Column Settings. |
| 276989 | Scan Start and End times should be displayed in a readable format instead of in epoch mode. |
| 276491 | GTP specific fields are missing in Event Log Viewer after an upgrade. |
Reporting
Resolved
| Bug ID | Description |
| 300569 | When there are many hcache tables, the SQL query for report generation may fail. |
| 298217 | The report generated for “Active Traffic Users” has data inconsistent with the dataset output. |
| 295987 | The “Top 20 Bandwidth Users” report that runs with the “Webfilter-Top-Web-Users-ByBandwidth” data set may not return correct data. |
| 292983 | The apprisk-ctrl-Common-Virus-Botnet-Spyware dataset may filter out botnet applications. |
| 291808 | Some VDOMs are missing under the Configuration tab of a report. |
| 286653 | When selecting a background image, the footer background color does not apply to the cover page. |
| 286588 | Creating hcache does not work after enabling the Report Group. |
| 284133 | When using the $flex_timescale, the Start time and End time are not correct in the SQL. |
| 283433 | User filter does not work when the username contains the \ character. |
| 275394 | FortiAnalyzer loses auto column update in chart when the dataset is changed. |
| 272777 | When query results contain the # character, it cannot be displayed in the table chart. |
| 262593 | Japanese characters in a PDF formatted report are displayed in an unexpected front style. |
| 257691 | Report line chart limits the number of items depending on the period specified for the report. |
| 231536 | A Group Report should not be generated when the Multiple Reports (Per-Device) option is selected. |
System Settings
| Bug ID | Description |
| 278334 | FortiAnalyzer displays inconsistent behavior for read-only admin profiles. |
| 270785 | When the license count is exceeded, the alert message does not appear. |
Resolved Issues
Others
| Bug ID | Description |
| 306160 | Syslog is trimmed when being forwarded to a syslog server. |
| 296481 | The getFazGeneratedReport XML call should include macro data in the report_ data.txt file. |
| 296228 | FortiAnalyzer should support TLS v1.1 and v1.2. |
| 295051 | Within a XML response, the report name always has prefix “S-{layout-id}_t{layout-id}-
“. |
| 294453 | Some SOAP API calls may not close connections. |
| 291013 | Oftpd may crash in some situations. |
| 286512 | Device version is not set in the CEF message header field. |
| 286498 | FortiAnalyzer does not back up logs to FTP when using log-file-archive-name extended . |
| 283832 | Oftp keeps updating the address from multiple VDOMs when the FortiAnalyzer override is enabled in each of the VDOMs. |
| 279760 | FortiAnalyzer returns an error when running searchFazLog using duration or sentbyte as searchCriteria with the XML API. |
| 277478 | Several ERROR: extra data after last expected column messages appear in the pgsvr.log. |
| 275008 | The fazmaild daemon stops working. |
| 241924 | The Drilldown to UTM tabs of FortiGate do not show the correct UTM log entry when the device is FortiAnalyzer. |