| Solution | When encountering issues in FortiSIEM, investigate these logs to gather information for troubleshooting: - Backend logs.
Run:
tail -f /opt/phoenix/log/phoenix.log
Contains information related to the backend processes of FortiSIEM.
Includes details about data processing, system events, errors, and backend activities within the application.
-
HTTPD Logs. Run:
tail -f /var/log/httpd/ssl_access_log
tail -f /var/log/httpd/ssl_error_log
-
ssl_access_log: Records all requests made to the Apache HTTP server involving SSL connections. Includes client IP address, requested URL, and HTTP response codes. -
ssl_error_log: Captures error messages and warnings related to SSL, such as handshake failures, certificate issues, and other SSL-related errors. -
Appsvr Logs. Run:
tail -f /opt/glassfish/domains/domain1/logs/phoenix.log
tail -f /opt/glassfish/domains/domain1/logs/server.log
-
phoenix.log (Appsvr path): Tracks application-specific logs for Phoenix, including deployments, startup/shutdown events, and Phoenix-related activities. -
server.log: Provides general GlassFish server logs, covering application deployments, server startup, errors, and overall server activity. -
FortiSIEM Backend Processes. Run:
phstatus
Key Takeaway. By collecting and analyzing logs from the above locations and checking process status, administrators can narrow down the cause of FortiSIEM issues. -
Search for the identified errors in the Fortinet Community Forum for troubleshooting and technical steps. -
If further assistance is required, contact Fortinet Support and provide the relevant log excerpts for faster resolution.
|
