Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Andy_G
Staff
Staff

Created on ‎05-27-2015 07:19 AM Edited on ‎03-03-2025 08:54 AM By Moderator

Article Id 192363

Technical Tip: FortiAnalyzer SQL database rebuild start-time

Description

 
This article describes how to change the start-time of an SQL rebuild.

In FortiAnalyzer, it may occasionally be necessary to delete and rebuild the SQL database. Configuring the start-time allows the administrator to control how much log data is included in the rebuild and, consequently, how far back log searches and reports can extend afterward.

Note: If choosing an earlier data for start-time than Log View currently shows, it may be necessary to modify the Log Storage Policy to ensure enough quota is allocated to Analytic data.

 

Scope

 

FortiGate, FortiAnalyzer.


Solution

 

To rebuild the SQL database with all log entries, check the setting start-time in config system sql.
  1. Set the following value to rebuild the database with logs from 2000/01/01

 

config system sql
     set start-time 00:00 2000/01/01
end

 
  1. Rebuild the SQL database:

execute sql-local rebuild-db

 

Related article:

Technical Tip: FortiAnalyzer SQL database delete and rebuild

12603
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.