To ensure what causes an issue, Analytic does not appear in the log, run the command diagnose debug klog.

If having an error as below from klog :

<7>[48627.951510] sd 0:0:1:0: [sdb] tag#2 Failed to abort cmd 00000000XXXXXXXX
<6>[48627.951516] sd 0:0:1:0: [sdb] tag#2 UNKNOWN(0x2003) Result: hostbyte=0x03 driverbyte=DRIVER_OK cmd_age=33s
<6>[48627.951519] sd 0:0:1:0: [sdb] tag#2 CDB: opcode=0x88 XXXXXXXXXXXX
<3>[48627.951522] blk_update_request: I/O error, dev sdb, sector 857082200 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0

1. Failed to abort the command is happening on the sdb.
2. I/O error = Physical read failure.
3. Sector 857082200 = ~428.5GB into the disk (sector 857082200 × 512 bytes).
4. READ operation failed= Cannot read data from disk.
5. This means multiple areas of the disk are failing; this is a critical disk failure.

diagnose system print partitions

major minor #blocks name fstype
1 0 4096 ram0
1 1 4096 ram1
1 2 4096 ram2
1 3 4096 ram3
7 0 10240 loop0 ext2
8 0 2097152 sda
8 1 1048576 sda1 ext3
8 16 5905580032 sdb
252 0 5905575936 dm-0

SDB = 5.9TB virtual disk (5905580032 blocks) [Calculation 1K-block / 104876].

DM-0 = LVM logical volume using almost all of sdb (5905575936 blocks).

If the LVM logical volume is used almost disk, check from the Virtual Machine Environment disk health. This needs to be checked internally by the end user as TAC only manages the instance of FortiAnalyzer and not the Virtual Machine device.

If diagnose debug klog does not show any abnormal error, basically run the diagnose fsck harddisk to repair and check the disk.