Too slow. Is there a way to speed up FortiAnalyzer?

Question

Does anyone know if there is a way to speed up FAZ? We're running version 6.2.1 on VMware and we receive about 4GB of logs per day. I just upped the CPUs to qty 6 and bumped the RAM to 16GB, but the UI is still sluggish. I can move the storage from a 10Gbit SAN over to SSDs, but I'd need to justify that with my team before I can move a bunch of logs to expensive SSDs!

For example if I pick any ADOM and go to SOC and chose Traffic -> Top Sources and filter for the last 1 hour, it takes about 15-20 seconds to display the data.

What should I be looking for in order to find the bottleneck? Am I unreasonable to think that I should see this information near instantaneously? A couple seconds at most?

Thanks!

tsimeonov_FTNT · Answer

it is better if you could opened a support ticket as somebody needs to look at the FAZ and run some diagnostics.

When you opened a ticket provide following outputs to the support engineer:

get sys status

diag fortilog log

diag log device

diag test app sqlr 2

diag sql status sqlpl

diag hard info exe sql-report list-schedule all autocache-only detail

sh sys log-forward

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded