Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
premchanderr
Staff
Staff

Created on ‎03-15-2024 03:48 AM

Article Id 304819

Technical Tip: The 'Connection Refused' error in FortiSIEM GUI

Description This article describes how to troubleshoot the 'Connection Refused' error in FortiSIEM GUI > Analytics search 
Scope FortiSIEM v6.x+.
Solution

When running a search in analytics it immediately fails with a 'Connection Refused' error even for small time intervals. 

This would occur if storage is not mounted or storage-related configuration is incorrect. 

 

Here are a few checks to fix this issue:

  1. Validate if correct values are displayed in FortiSIEM GUI -> Admin -> Setup -> Storage.
  2. In the backend check if storage is mounted, enough free space, and permissions are admin.admin:

 

# df -h

# ls -lah /data/eventdb/

 

  1. Note down the FQDN value of super from the health tab. Run #configFSM.sh to re-run with the same or correct network configuration. Do note this requires a reboot of the system.
  2. Ensure /etc/hosts have the below lines:

 

127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain
Super-IP   Super-Hostname


It is possible now to perform a search and view events in FortiSIEM GUI.  If the issue persists, it is then specific to the environment and a support engineer can help via the support platform.
Labels:
120
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.