FortiAnalyzer
chall_FTNT
Staff
Article Id 196099

Description

 

This article describes how to restart or check on the progress of SQL rebuilds in FortiAnalyzer.

 

In most cases, once a SQL rebuild has been initiated on a FortiAnalyzer, it is best to let it complete.

However, in some cases, it might be desirable to restart that SQL rebuild. 

 

Restarting is useful when the rebuild should begin from a much later start-time. In that case, the rebuild is faster and the resulting database is much smaller.

 

Scope

 

FortiAnalyzer.


Solution

 

In the following example, change the start-time from the default value.

 

config system sql
...
    set start-time 2000/01/01  # <- Change this to some later time & date.
end

 

Current rebuild status:

 

diag sql status rebuild-db

 

Rebuilding log SQL database has been processed 40%.

Although it is not possible to cancel a rebuild, it can be restarted by reissuing the exact same rebuild command.

 

exec sql-local rebuild-db

 

After the resulting reboot, check the rebuild status again. It will show a lower percentage, indicating that the rebuild has restarted.

After a reboot:

 

diag sql status rebuild-db
Rebuilding log SQL database has been processed 5%

 

Note: Rebooting a FortiAnalyzer during the rebuild process does not cancel the rebuild. The rebuild will resume from wherever it left off prior to the reboot.

Alternate Approach: Using rebuild-adom

It is also possible to request the rebuild of only a single ADOM.
Again, re-issue the same command to restart it.

First, run:

 

exec sql-local rebuild-adom root

Rebuild log SQL database of ADOM 'root' has been requested.
This operation will remove the log SQL database for ADOM 'root' and rebuild from log data.
Do you want to continue? (y/n)y

Request to rebuild ADOM 'root' sumbitted successfully.

 

diag sql status rebuild-adom
...
root             percent: 52% bg-rebuild:Yes start:"Mon () 2015_06_01 16:54:10" took:138(s) remain:127(s)...

Afterwards, run the following:

 

exec sql-local rebuild-adom root
...
diag sql status rebuild-adom
...
root             percent:  0% bg-rebuild:Yes start:"Mon (1) 2015_06_01 16:56:41" took:1(s) remain:10(s)...

 

In this case, the output shows the time at which the rebuild request was submitted, and that time is later than the one shown for the first attempt.
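
The two restart checks described above (a lower percentage for a full rebuild, a later start time for a single ADOM) can be scripted against saved CLI output. The following is an added example, not Fortinet code; the function names are hypothetical, and the line formats are assumed to match the output quoted in this article.

```python
import re
from datetime import datetime

# Line formats as quoted in the article's CLI output.
DB_RE = re.compile(r"Rebuilding log SQL database has been processed (\d+)%")
ADOM_RE = re.compile(
    r'^(?P<adom>\S+)\s+percent:\s*(?P<pct>\d+)%\s+bg-rebuild:\w+\s+'
    r'start:"[^"]*?(?P<ts>\d{4}_\d{2}_\d{2} \d{2}:\d{2}:\d{2})"'
)

# Captures copied from the article (trailing "..." kept as shown there).
FIRST = '''diag sql status rebuild-adom
...
root             percent: 52% bg-rebuild:Yes start:"Mon () 2015_06_01 16:54:10" took:138(s) remain:127(s)...'''
SECOND = '''diag sql status rebuild-adom
...
root             percent:  0% bg-rebuild:Yes start:"Mon (1) 2015_06_01 16:56:41" took:1(s) remain:10(s)...'''

def parse_db_status(text):
    """Percent from 'diag sql status rebuild-db' output, or None if absent."""
    m = DB_RE.search(text)
    return int(m.group(1)) if m else None

def parse_adom_status(text):
    """Map ADOM name -> (percent, start time) from 'diag sql status rebuild-adom'."""
    result = {}
    for line in text.splitlines():
        m = ADOM_RE.match(line.strip())
        if m:
            start = datetime.strptime(m["ts"], "%Y_%m_%d %H:%M:%S")
            result[m["adom"]] = (int(m["pct"]), start)
    return result

def db_rebuild_restarted(before, after):
    """Full rebuild: the article's indicator is a lower percentage."""
    b, a = parse_db_status(before), parse_db_status(after)
    if b is None or a is None:
        raise ValueError("no rebuild-db status line found")
    return a < b

def adom_rebuild_restarted(before, after, adom):
    """Single ADOM: the article's indicator is a later start time."""
    b, a = parse_adom_status(before), parse_adom_status(after)
    if adom not in b or adom not in a:
        raise ValueError(f"ADOM {adom!r} not in both captures")
    return a[adom][1] > b[adom][1]

if __name__ == "__main__":
    print(adom_rebuild_restarted(FIRST, SECOND, "root"))
```
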

Related article:
Technical Tip: FortiAnalyzer SQL database delete and rebuild