When encountering issues in FortiSIEM, investigate these logs to gather information for troubleshooting:

1. Backend logs.

Run:

tail -f /opt/phoenix/log/phoenix.log

Contains information related to the backend processes of FortiSIEM.
Includes details about data processing, system events, errors, and backend activities within the application.

2. HTTPD Logs.

Run:

tail -f /var/log/httpd/ssl_access_log
tail -f /var/log/httpd/ssl_error_log

• ssl_access_log: Records all requests made to the Apache HTTP server involving SSL connections. Includes client IP address, requested URL, and HTTP response codes.

• ssl_error_log: Captures error messages and warnings related to SSL, such as handshake failures, certificate issues, and other SSL-related errors.

3. Appsvr Logs.

tail -f /opt/glassfish/domains/domain1/logs/phoenix.log
tail -f /opt/glassfish/domains/domain1/logs/server.log

• phoenix.log (Appsvr path): Tracks application-specific logs for Phoenix, including deployments, startup/shutdown events, and Phoenix-related activities.

• server.log: Provides general GlassFish server logs, covering application deployments, server startup, errors, and overall server activity.

4. FortiSIEM Backend Processes.

phstatus

• Displays the status of backend processes running in FortiSIEM.

• Useful for verifying if all required services are operational.

Key Takeaway.

By collecting and analyzing logs from the above locations and checking process status, administrators can narrow down the cause of FortiSIEM issues.

• Search for the identified errors in the Fortinet Community Forum for troubleshooting and technical steps.

• If further assistance is required, contact Fortinet Support and provide the relevant log excerpts for faster resolution.