Help
FortiNDR (on-premise)
On-premise where solution process and store data on customer’s network. Supports Netflow and OT deployments.
srahmat
Staff
Staff

Created on ‎12-02-2025 10:22 PM

Article Id 417509

Troubleshooting Tip: Session not found when view session despite showing in the session logs

Description This article describes how to troubleshoot the issue session not found when viewing the session, despite showing in the session logs.
Scope FortiNDR v7.6.3
Solution

When selecting 'View Session' on the specific attack types, it will show the error 'Session Not Found' even though there is a session log showing.

 

image.png

 

When searching for the specific session ID in the NDR Log -> Session also unable to find the log for that specific session ID.

 

image.png

 

This issue happened after upgrading the FortiNDR firmware to v7.6.3 GA. To troubleshoot the issue, run command below.

 

diagnose debug database error-log

 

Find if the output for 'diagnose database error-log' returns errors as per below.

  • Dictionary definition contains unsupported elements
  • Cannot attach table
  • Waited job failed

 

Example:

 

2025.10.28 15:52:31.576572 [ 5773 ] {} <Error> TCPHandler: Code: 722. DB::Exception: Waited job failed: Code: 696. DB::Exception: Load job 'startup table sniffer.file_preprocess' -> Code: 696. DB::Exception: Load job 'load table sniffer.file_preprocess' -> Code: 695. DB::Exception: Load job 'load table sniffer.static_filter_dict' failed: Code: 489. DB::Exception: The dictionary definition contains unsupported elements. Please update the dictionary definition to remove function usage: Cannot attach table `sniffer`.`static_filter_dict` from metadata file store/ac6/ac60407c-98e6-4775-83ac-cc057382eaa8/static_filter_dict.sql from query CREATE DICTIONARY sniffer.static_filter_dict UUID '1720a335-f8d1-4e56-af97-bd8550a7a786' (`hash_sip` UInt64, `mal_bit` Int8) PRIMARY KEY hash_sip SOURCE(CLICKHOUSE(HOST 'localhost' PORT tcpPort() DB 'sniffer' QUERY 'select hash_sip,argMax(mal_bit,entrydate) as mal_bit from sniffer.static_filter group by hash_sip')) LIFETIME(MIN 0 MAX 0) LAYOUT(HASHED(PREALLOCATE 1)) COMMENT 'In-memory dictionary for static_filter'. (INCORRECT_DICTIONARY_DEFINITION), Stack trace (when copying this message, always include the lines below):

 

If the output for 'diagnose debug database error-log' returns an error as per above, run the command below.

 

diagnose system db-fix-metadata

 

Monitor if the issue is resolved after running the above command. If the issue persists, run the command 'execute db restore'.
39
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.