FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
The "sumreportsd" process ("summary reports daemon") is responsible for computing data for drill down widgets configured in the dashboard.

These are:
    • Top Web Traffic
    • Intrusion Activity
    • Virus Activity
    • Top FTP Traffic
    • Top Email Traffic
    • Top IM/P2P Traffic
    • Top Traffic
By default, none of these drill down widgets is enabled in the configuration, and "sumreportsd" does not compute any data.

Depending on the hardware platform or on the amount of logs present in the FortiAnalyzer, "sumreportsd" may consume a considerable amount of CPU when running and may run for a considerable amount of time (from a few minutes to hours, or even longer if it has to compute new data while still processing old data). As a result, drill down widgets may be empty or out of date.

Below is an example of high CPU usage on the FortiAnalyzer.

Run Time:  59 days, 13 hours and 16 minutes
7U, 0N, 11S, 80I; 2027T, 1866F, 0KF
         sumreportsd      394      R      36.4     0.4
           fortilogd      367      S       1.1     1.3
                 cli    27152      S       1.1     0.5

Run Time:  59 days, 13 hours and 16 minutes
52U, 0N, 18S, 28I; 2027T, 1870F, 0KF
         sumreportsd      394      D      99.9     0.2
            logfiled      353      D       2.5     0.1
               oftpd      379      S       0.8     0.4
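
Snapshots like the two above can be checked mechanically when many are captured over time. The following Python is an added example, not part of the original article or any Fortinet tooling; it assumes the process columns are name, PID, state, CPU % and memory %, and that the "I" field of the header line is idle CPU %. The function names and the 30% default threshold are hypothetical.

```python
import re

# Constructed sample: the two snapshots shown above, as captured text.
SAMPLE = """\
Run Time:  59 days, 13 hours and 16 minutes
7U, 0N, 11S, 80I; 2027T, 1866F, 0KF
         sumreportsd      394      R      36.4     0.4
           fortilogd      367      S       1.1     1.3
                 cli    27152      S       1.1     0.5

Run Time:  59 days, 13 hours and 16 minutes
52U, 0N, 18S, 28I; 2027T, 1870F, 0KF
         sumreportsd      394      D      99.9     0.2
            logfiled      353      D       2.5     0.1
               oftpd      379      S       0.8     0.4
"""

# Assumed process columns: name, PID, state, CPU %, memory %.
PROC = re.compile(r"^\s*(\S+)\s+(\d+)\s+([A-Z])\s+(\d+(?:\.\d+)?)\s+(\d+(?:\.\d+)?)\s*$")
# Assumed header fields: user, nice, system and idle CPU %.
HEAD = re.compile(r"^\s*(\d+)U,\s*(\d+)N,\s*(\d+)S,\s*(\d+)I;")

def parse_snapshots(text):
    """Split captured output into snapshots, one per 'Run Time:' line."""
    snaps = []
    for line in text.splitlines():
        if line.startswith("Run Time:"):
            snaps.append({"idle": None, "procs": {}})
        elif not snaps:
            continue  # ignore anything before the first snapshot
        elif (m := HEAD.match(line)):
            snaps[-1]["idle"] = int(m.group(4))
        elif (m := PROC.match(line)):
            name, pid, state, cpu, mem = m.groups()
            snaps[-1]["procs"][name] = (int(pid), state, float(cpu), float(mem))
    return snaps

def busy_snapshots(snaps, name="sumreportsd", cpu_threshold=30.0):
    """Return (index, state, cpu, idle) for snapshots where `name` meets the threshold."""
    hits = []
    for i, snap in enumerate(snaps):
        proc = snap["procs"].get(name)
        if proc and proc[2] >= cpu_threshold:
            hits.append((i, proc[1], proc[2], snap["idle"]))
    return hits
```

Calling `busy_snapshots(parse_snapshots(SAMPLE))` reports both snapshots; raising `cpu_threshold` to 50 leaves only the second, where idle CPU has dropped to 28%.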

FortiAnalyzer software version 4.00 MR3.
FortiAnalyzer with drill down widgets enabled.
If CPU usage is high, and depending on the FortiAnalyzer environment, it is possible to:
  • Change the Device being monitored (All FortiGates by default) to only the one(s) needed.
  • Reduce the Time Scope to a lower one (Hour or Day).
  • If this is not sufficient, disable all drill down widgets from all admin accounts.