Help
FortiSIEM Discussions
HafizJasmi
New Contributor

Created on ‎12-28-2020 10:51 PM

No data Issue

Dear All,


I am using FortiSIEM 5.3.1, i notice some issue when click on Event tab, it suppose to show the details regarding the alert like raw log but i keep getting No data. Any idea why?

446
0 Kudos
2 REPLIES 2
DanielHanman
Staff
Staff

Created on ‎12-29-2020 11:52 AM

Hi Muhammad,

This is under the Incident Tab / select and Incident / Events ... obviously it should be showing data.

Can you do some basic checks from the CLI as root user:

phstatus

--all processes should be up. Make sure your SSH console screen if full screen.

dh -h

-- make sure you have disk space -the /data drive if using the native event database should not be 100% as the system should manage the storage.

top

-- check the load is not too high.. anything <4 should be ok.

How old is the Incident and what is the Rule?

Do you see other event data from that same time period if you run an analytical search?

Thanks

Dan



------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
-------------------------------------------
Original Message:
Sent: Dec 28, 2020 10:51 PM
From: Muhammad Hafiz Safwan Bin Jasmi
Subject: No data Issue

Dear All,


I am using FortiSIEM 5.3.1, i notice some issue when click on Event tab, it suppose to show the details regarding the alert like raw log but i keep getting No data. Any idea why?

446
0 Kudos
HafizJasmi
New Contributor
In response to DanielHanman

Created on ‎01-13-2021 02:20 AM

Hi Daniel,

The issue resolve when we reboot collector

-------------------------------------------
Original Message:
Sent: Dec 29, 2020 11:51 AM
From: Daniel Hanman
Subject: No data Issue

Hi Muhammad,

This is under the Incident Tab / select and Incident / Events ... obviously it should be showing data.

Can you do some basic checks from the CLI as root user:

phstatus

--all processes should be up. Make sure your SSH console screen if full screen.

dh -h

-- make sure you have disk space -the /data drive if using the native event database should not be 100% as the system should manage the storage.

top

-- check the load is not too high.. anything <4 should be ok.

How old is the Incident and what is the Rule?

Do you see other event data from that same time period if you run an analytical search?

Thanks

Dan



------------------------------
Daniel
FortiSIEM Product Manager
------------------------------

Original Message:
Sent: Dec 28, 2020 10:51 PM
From: Muhammad Hafiz Safwan Bin Jasmi
Subject: No data Issue

Dear All,


I am using FortiSIEM 5.3.1, i notice some issue when click on Event tab, it suppose to show the details regarding the alert like raw log but i keep getting No data. Any idea why?

446
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.