FortiAnalyzer
Alan_
Staff
Article Id 420238
Description

This article describes a set of related issues seen on FortiAnalyzer when a log forwarder carries a large number of entries.

The FortiAnalyzer GUI on 7.4.8 and below may not correctly handle log forwarders with a large number of entries. Symptoms:

  • The cmdbsvr process gets stuck at 100% CPU usage.
  • The GUI freezes for a few seconds, and the CLI becomes unresponsive as well.
  • The IDs of entries change even though the entries were not modified.

This can eventually crash the FortiAnalyzer GUI and, in an HA deployment, trigger a failover. It is most likely when the FortiAnalyzer is also under heavy logging load.

FortiAnalyzer GUI crash example (screenshot)

Scope

FortiAnalyzer 7.4.8 and below.
Solution

This issue is fixed in FortiAnalyzer 7.4.9, 7.6.5 and 8.0.0 (bug ID 1205146).

Until the upgrade, possible workarounds are:

  • Configure log forwarders with a smaller number of entries.
  • Edit the log forwarder through the CLI instead of the GUI.

CLI example (adding a device filter to log forwarder 1 without using the GUI):

config system log-forward
    edit 1
        config device-filter
            edit 1
                set adom TEST_FIREWALL
            next
        end
    next
end

See the FortiAnalyzer CLI Reference for the full log-forward syntax and the other device-filter settings.
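The following Python script is an added example, not code from the article or from Fortinet. It applies both workarounds above at once: it splits a long list of device-filter entries into several log forwarders, each holding no more than a chosen number of entries, and emits the resulting CLI for pasting into a CLI session rather than editing in the GUI. Everything beyond the `config system log-forward` / `config device-filter` structure shown in the article is an assumption: the entry limit and the ADOM and device names are placeholders, the log-forward entries with the emitted IDs are assumed to already exist with their server settings, the `set action include` and `set device` fields are taken from the device-filter table in the CLI Reference and should be checked against your release, and whether one forwarding destination may be spread across several forwarder entries is something to confirm for your deployment.

```python
"""Emit FortiAnalyzer log-forward device-filter CLI in bounded chunks.

Added example, not code from the article or from Fortinet. Assumptions:
  - log-forward entries with the emitted IDs already exist with their
    server settings; only the device-filter sub-table is rendered here;
  - each device-filter entry takes `set action`, `set adom`, `set device`;
  - MAX_ENTRIES_PER_FORWARDER is a placeholder; the article states no limit.
"""
from typing import List, Sequence, Tuple

FilterEntry = Tuple[str, str]  # (ADOM name, device name)

# Constructed sample list; ADOM and device names are placeholders.
SAMPLE_FILTERS: List[FilterEntry] = [
    ("TEST_FIREWALL", "FGT-BRANCH-01"),
    ("TEST_FIREWALL", "FGT-BRANCH-02"),
    ("TEST_FIREWALL", "FGT-BRANCH-03"),
    ("Branch Office", "FGT-HQ-01"),
    ("Branch Office", "FGT-HQ-02"),
]

# Placeholder (assumption): tune against what your unit handles without
# cmdbsvr pegging the CPU.
MAX_ENTRIES_PER_FORWARDER = 2


def cli_quote(value: str) -> str:
    """Quote a value for the Fortinet CLI: double quotes when it contains
    whitespace. Embedded quotes, backslashes and line breaks are rejected
    rather than escaped, so a crafted device name cannot inject extra
    commands into the generated config."""
    if not value or any(ch in value for ch in '"\\\n\r'):
        raise ValueError(f"unsupported CLI value: {value!r}")
    return f'"{value}"' if any(ch.isspace() for ch in value) else value


def chunk_filters(entries: Sequence[FilterEntry],
                  max_per_forwarder: int) -> List[List[FilterEntry]]:
    """Split the filter list so no forwarder carries more than the limit."""
    if max_per_forwarder < 1:
        raise ValueError("max_per_forwarder must be at least 1")
    return [list(entries[i:i + max_per_forwarder])
            for i in range(0, len(entries), max_per_forwarder)]


def render_device_filters(entries: Sequence[FilterEntry],
                          indent: str = "        ") -> List[str]:
    """Render one device-filter sub-table; entry IDs restart at 1."""
    lines = [f"{indent}config device-filter"]
    for idx, (adom, device) in enumerate(entries, start=1):
        lines += [
            f"{indent}    edit {idx}",
            f"{indent}        set action include",
            f"{indent}        set adom {cli_quote(adom)}",
            f"{indent}        set device {cli_quote(device)}",
            f"{indent}    next",
        ]
    lines.append(f"{indent}end")
    return lines


def render_log_forward_config(entries: Sequence[FilterEntry],
                              max_per_forwarder: int,
                              first_forwarder_id: int = 1) -> str:
    """Render a single `config system log-forward` block holding one
    `edit <id>` per chunk, with forwarder IDs allocated sequentially."""
    lines = ["config system log-forward"]
    for offset, chunk in enumerate(chunk_filters(entries, max_per_forwarder)):
        lines.append(f"    edit {first_forwarder_id + offset}")
        lines += render_device_filters(chunk)
        lines.append("    next")
    lines.append("end")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_log_forward_config(SAMPLE_FILTERS, MAX_ENTRIES_PER_FORWARDER))
```

Run the script and paste its output into a CLI session. Note that `edit <id>` creates or updates an entry by ID and leaves other entries in the table untouched, so if you are reshaping an existing device-filter table, clear the stale entries first rather than relying on the generated block to replace them.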