New Member

Question

Analyzer can't finish rebuilding Log DB

Forum|Forum|6 years ago
January 24, 2020
1 reply
15259 views

Hi all,

I was presented with a FortiAnalyzer 400E from another unit we work with, which was purchased in 2016 but never taken out of the box. Since all units in our group now have Fortigate firewalls, I've been tasked with getting it going. It's now installed, and after having a missing disk 2 sorted out (SATA connector not mating on the backplane properly) it's running.

I have upgraded it to the latest OS for the 400E, 6.2.3, and connected our local Fortigate to the device. Logs are being sent to the Analyzer.

However, I can't do anything with the logs, because the Analyzer is stuck with the message "Rebuilding DB - Build Log DB..." on the console. If I click on this message, it shows 1% complete, and is at Step 2: Rebuilding SQL database...., estimated time remaining 42 minutes 44 seconds. Log and report features won't be fully available till rebuilding has completed."

It's been like this for two weeks now, and this persists between reboots, firmware upgrades, and CLI command fiddling. In the CLI, issuing

analyzer.new # diagnose sql status rebuild-db

Rebuilding log SQL database will be starting in a moment...

Is all that is shown.

analyzer.new # diagnose sql status rebuild-adom 
FortiAnalyzer is not in rebuild
FortiAuthenticator is not in rebuild
FortiCache is not in rebuild
FortiCarrier is not in rebuild
FortiClient is not in rebuild
FortiDDoS is not in rebuild
FortiMail is not in rebuild
FortiManager is not in rebuild
FortiNAC is not in rebuild
FortiProxy is not in rebuild
FortiSandbox is not in rebuild
FortiWeb is not in rebuild
Newc is not in rebuild
Syslog is not in rebuild
root is not in rebuild

- doesn't give anything useful either. Actually issuing the

analyzer.new # execute sql-local rebuild-db 
Rebuild the entire log SQL database has been requested.
This operation will remove the log SQL database and rebuild from log data.
This operation will reboot the device.
Do you want to continue? (y/n)y

Command reboots the device back in to the exact same state, achieving diddly-squat.

Can anyone help me fix this please?

Typically, as it's nearly four years old, we have no support contract :(

Cheers,

James

brazz_FTNT

Staff

Hey,

can you please run

[ul]

get system status

diagnose cdb upgrade summary

diagnose debug crashlog read[/ul]

Thanks

James_DoreAuthor

New Member

Sure:

analyzer.new # get system status 
Platform Type : FAZ400E
Platform Full Name : FortiAnalyzer-400E
Version : v6.2.3-build1235 191218 (GA)
Serial Number : FL-4HE3R16900167
BIOS version : 00020005
System Part-Number : P18712-02
Hostname : analyzer.new
Max Number of Admin Domains : 25
Admin Domain Configuration : Enabled
FIPS Mode : Disabled
Branch Point : 1235
Release Version Information : GA
Current Time : Mon Jan 27 11:30:29 GMT 2020
Daylight Time Saving : Yes
Time Zone : (GMT) London, Edinburgh.
x86-64 Applications : Yes
Disk Usage : Free 5482.83GB, Total 5501.21GB
File System : Ext4
FortiRecorder Cameras : 0 active / 12 allowed

analyzer.new # diagnose cdb upgrade summary

==== Configuration database upgraded from legacy version ====
2019-12-06 12:46:54 v6.2.2-build1183 191008 (GA)
2020-01-21 11:41:59 v6.2.3-build1235 191218 (GA)

analyzer.new # diagnose debug crashlog read

analyzer.new #

(i.e. no output for the last command).

Cheers,

James

brazz_FTNT

Staff

Hello,

Thanks for the update.

One questions

[ul]

Does this mean there is an old FAZ ? did you use the old config from your old FAZ ?

How many devices are on your NewFAZ? (diagnose dvm device list)

Are they actively sending logs to FAZ?(Check the LogView for Historical and Real time logs)

Also if nothing works properly at the end, you might consider formatting the FAZ completely and add the devices back to it. [/ul]

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded