FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Article Id 249839
Description: This article is a troubleshooting guide for when FortiSIEM is hard down and the DBSvr will not start.
Scope: FortiSIEM Supervisor (SIEM Version 6.x.x).

View the error log and look for entries similar to the following:
cat /cmdb/data/pg_log/postgresql.log

< 2023-03-20 19:06:10.562 GMT >LOG: starting PostgreSQL 13.7 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-10), 64-bit
< 2023-03-20 19:06:10.562 GMT >LOG: listening on IPv4 address "", port 5432
< 2023-03-20 19:06:10.562 GMT >LOG: listening on IPv6 address "::", port 5432
< 2023-03-20 19:06:10.564 GMT >LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
< 2023-03-20 19:06:10.566 GMT >LOG: listening on Unix socket "/tmp/.s.PGSQL.5432"
< 2023-03-20 19:06:10.571 GMT >LOG: database system was interrupted; last known up at 2023-03-07 19:50:59 GMT
< 2023-03-20 19:06:10.674 GMT >LOG: invalid primary checkpoint record
< 2023-03-20 19:06:10.674 GMT >PANIC: could not locate a valid checkpoint record
< 2023-03-20 19:06:10.676 GMT >LOG: startup process (PID 18951) was terminated by signal 6: Aborted
< 2023-03-20 19:06:10.676 GMT >LOG: aborting startup due to startup process failure
< 2023-03-20 19:06:10.683 GMT >LOG: database system is shut down


Reason For the Error:

FortiSIEM is looking for a checkpoint record in the transaction log that doesn't exist or is corrupted. It is necessary to reset the write-ahead log and other control information of a PostgreSQL database cluster.


Proceed to the workaround:

1) Log in to the Supervisor as root and stop the backend process:

#phxctl stop backend


2) Change the user to postgres and run the command to reset the write-ahead log:


#su postgres

#/usr/pgsql-13/bin/pg_resetwal -f /cmdb/data
Write-ahead log reset

3) Switch back to the root user and start the backend process:

#phxctl start backend

4) Rebuilding the app server can help clear any stale connections if the Phoenix services are still down:

#su admin
#cd /opt/phoenix/deployment/
#./ phoenix.ear --force
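
A pre-check for step 2, as an added example that is not part of the Fortinet article: because pg_resetwal -f discards the write-ahead log, this script first confirms that the most recent startup attempt in postgresql.log ended with the checkpoint PANIC shown above, then archives the data directory and runs pg_resetwal in dry-run mode (-n). BACKUP is a hypothetical variable introduced here; the paths are the ones used in the article.

```shell
#!/bin/sh
# Added example, not Fortinet code. Paths are the ones shown in the article.
PGLOG=${PGLOG:-/cmdb/data/pg_log/postgresql.log}
PGDATA_DIR=${PGDATA_DIR:-/cmdb/data}
PGBIN=${PGBIN:-/usr/pgsql-13/bin}

# Classify the most recent startup attempt recorded in a PostgreSQL log.
# Prints: reset-candidate | other-failure | not-failed
classify_last_startup() {
    awk '
        # A new "starting PostgreSQL" line begins a new attempt, so a PANIC
        # from an older, already-resolved attempt is forgotten.
        /LOG: +starting PostgreSQL/ { panic = 0; aborted = 0; ready = 0 }
        /PANIC: +could not locate a valid checkpoint record/ { panic = 1 }
        /LOG: +aborting startup due to startup process failure/ { aborted = 1 }
        /LOG: +database system is ready to accept connections/ { ready = 1 }
        END {
            if (ready)                 print "not-failed"
            else if (panic && aborted) print "reset-candidate"
            else if (aborted)          print "other-failure"
            else                       print "not-failed"
        }
    ' "$1"
}

# Run as postgres after "phxctl stop backend". BACKUP (hypothetical variable)
# must name a file on a volume with room for a copy of the data directory.
preflight() {
    : "${BACKUP:?set BACKUP to the archive file to create}"
    verdict=$(classify_last_startup "$PGLOG") || return 1
    if [ "$verdict" != "reset-candidate" ]; then
        echo "last startup verdict is '$verdict'; pg_resetwal is not indicated" >&2
        return 1
    fi
    ( umask 077   # keep the archive readable by its owner only
      tar -czf "$BACKUP" -C "$(dirname "$PGDATA_DIR")" "$(basename "$PGDATA_DIR")"
    ) || return 1
    "$PGBIN/pg_controldata" "$PGDATA_DIR" || return 1   # record current control values
    "$PGBIN/pg_resetwal" -n "$PGDATA_DIR"               # -n = dry run, writes nothing
}

if [ "${1:-}" = "preflight" ]; then
    preflight
fi
```

Invoke it as the postgres user with the argument preflight and BACKUP set; without an argument it only defines the functions.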