Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
chall_FTNT
Staff
Staff

Created on ‎06-01-2015 05:54 PM Edited on ‎05-29-2025 03:36 AM By Staff

Article Id 196099

Technical Tip: Restarting SQL rebuilds

Description

 

This article describes how to restart or check on the progress of SQL rebuilds in FortiAnalyzer.

 

In most cases, once a SQL rebuild has been initiated on a FortiAnalyzer, it is best to let it complete.

However, in some cases, it might be desirable to restart that SQL rebuild. 

 

This can be useful to restart the rebuild from a much later start-time. In that case, the rebuild would be faster and the resulting database would be much smaller.

 

Scope

 

FortiAnalyzer.


Solution

 

In the below example, change the start-time from the default value. For example, if the analytics policy is set for 60 days, it is recommended to change the start-time to count 60 days before the current day.

 

config system sql
...
    set start-time 10:00 2025/04/01  # <- Change this to some later time & date.

Important: This command will set sql database start time to 10:00 2025/Apr/01!
Do you want to continue? (y/n)y

end

 

Current rebuild status:

 

diag sql status rebuild-db

 

Rebuilding log SQL database has been processed 40%.

Although it is not possible to cancel a rebuild, it is possible to then just reissue the exact same rebuild command.

 

exec sql-local rebuild-db

 

After the resulting reboot, check the rebuild status again. Notice that it will reflect a lower %, indicating that the rebuild has restarted.

After a reboot:

 

diag sql status rebuild-db
Rebuilding log SQL database has been processed 5%

 

Note: Rebooting a FortiAnalyzer during the reboot process does not cancel the rebuild. The rebuild will resume from wherever it left off prior to reboot.

Alternate Approach: Using rebuild-adom

It is also possible to request the rebuild of only a single ADOM.
Again, re-issue the same command to do this.

Note: 'Rebuild-Adom' is not supported on '7.6' releases. 

First, run:

 

exec sql-local rebuild-adom root

Rebuild log SQL database of ADOM 'root' has been requested.
This operation will remove the log SQL database for ADOM 'root' and rebuild from log data.
Do you want to continue? (y/n)y

Request to rebuild ADOM 'root' submitted successfully.

 

diag sql status rebuild-adom
...
root             percent: 52% bg-rebuild:Yes start:"Mon () 2015_06_01 16:54:10" took:138(s) remain:127(s)...

Afterwards, run the following:

 

exec sql-local rebuild-adom root
...
diag sql status rebuild-adom
...
root             percent:  0% bg-rebuild:Yes start:"Mon (1) 2015_06_01 16:56:41" took:1(s) remain:10(s)...

 

In this case, the time at which the rebuild request was submitted is displayed and shows as being later than the first attempt.

Related article:

9625
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.