FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
This article describes the steps undertaken to address the issue of being unable to generate reports on FortiAnalyzer running v7.2.3 and above.
Scope
FortiAnalyzer.
Solution
Challenge: Experienced difficulty in generating reports on FortiAnalyzer. The platform showed numerous reports in a pending state.
Actions Taken:
The issue was reproduced for a detailed understanding.
Logs and error evidence were collected for analysis.
Multiple commands were executed to diagnose the issue:
The current status of pending reports was checked: 'diagnose report status pending' and running reports were checked with the commands: 'diagnose report status running'
Attempted to reset task history with: 'diagnose dvm task reset'
However, this command did not resolve the pending reports issue, even after a reboot.
The report queue was cleared using the 'diagnose report clean report-queue'
Several processes were restarted to attempt to resolve the issue, including the sqlreportd daemon:
diag test application sqlreportd 99 diag test application sqlplugind 99 diag test application sqllogd 99
Post-actions, the pending reports were verified to be cleared. Able to successfully generate reports afterward.
The FortiAnalyzer issue of generating reports was addressed by clearing the report queue and restarting specific processes. Should such an issue arise, it is advised to follow the steps mentioned above. For any further assistance, it is possible to contact the Fortinet Support Center.
