Description
This article describes how to troubleshoot an issue where the Log View -> FortiGate -> Security -> Summary/All Types page gets stuck loading.
Scope
FortiAnalyzer v7.2.1 and v7.4.0 above.
Solution
The page in Log View -> FortiGate -> Security -> Summary/All Types keeps loading but the logs for individual events are present (Antivirus, Intrusion Prevention, Application Control...).
Troubleshooting:
Enable the debug command in the CLI:
diag debug application fazsvcd 255
diag debug enable
The expected debug output with this error is as follows:
{
"id": "4",
"jsonrpc": "2.0",
"method": "get",
"params": [ { "url": "\/fortiview\/adom\/root\/utm-event-summary\/run\/327286787", "session-id": "2271c97fe7c94edba6ad25c191249898", "apiver": 3 } ]
}
_process_rpcv2_request:1454: uri=/fortiview/utm-event-summary/run/327286787, adom=root, uri_sub=utm-event-summary/run/327286787
fazsvc_authenticate_request:949: sid=0 [bypass]
_process_request:963: pass=1 [sid=0, resource=fortiview/, userid=, userfrom=]
fazsvc_rsess_run_remotely:1020: jsonrpc=2.0 handler 'v3_fortiview_handlers' remotable, analyzer mode, apiver=3 sqldb_enabled=1
_fetch_cb:328: fetch query_id=327286787 status=3 cancel=0
handle_client_request:220: jsonapi response={ "jsonrpc": "2.0", "id": 4, "error": { "code": -32005, "message": "Server error: Failed to connect to database." } }.
handle_client_request:225: Prepare to sent the result to client 11. (ds_size=118)
handle_client_request:233: Send response to client successfully.
main:1241: Client 11 is accepted.
To resolve this:
The utm-event-summary are using siem database, which will require to enable the module:
config system global
set disable-module none
end
ENABLE SIEM module
Do you want to continue? (y/n)y
Note: Enabling the SIEM module will take up system resources.
Related article:
Technical Tip: How to improve FortiAnalyzer performances when FortiSIEM module is not needed.
