Technical Tip: FortiAnalyzer SQL database rebuild start-time
Description
This article describes how to change the start-time of an SQL rebuild.
In FortiAnalyzer, it may occasionally be necessary to delete and rebuild the SQL database. Configuring the start-time allows the administrator to control how much log data is included in the rebuild and, consequently, how far back log searches and reports can extend afterward.
Note:
If choosing an earlier data for start-time than Log View currently shows, it may be necessary to modify the Log Storage Policy to ensure enough quota is allocated to Analytic data.
Scope
FortiGate, FortiAnalyzer.
Solution
To rebuild the SQL database with all log entries, check the start-time setting in the config system sql.
- Set the following value to rebuild the database with logs from 2000/01/01.
config system sql
set start-time 00:00 2000/01/01
end
- Rebuild the SQL database:
execute sql-local rebuild-db
Alternatively, it is also possible to request the rebuild of only a single ADOM.
execute sql-local rebuild-adom <ADOM-NAME>
Example on ADOM 'root':
execute sql-local rebuild-adom root
Note:
'Rebuild-Adom' is not supported on v7.6 releases.
Related article:
Technical Tip: FortiAnalyzer SQL database delete and rebuild