Navigating to ADMIN -> Settings -> ClickHouse Config in GUI and selecting 'Test' fails with the error 'ClickHouse test error: ClickHouse Restart Failure'. This indicates that the clickhouse-server.service is down on the Supervisor node.

Common Cause: IPv6 Disabled.

If IPv6 is disabled on the Supervisor node, the following errors may be noticed in the system logs:

1. ClickHouse Error Log: The ClickHouse error log located at /opt/clickhouse/log/clickhouse-server.err.log will contain an error similar to the following:
   

2025.02.11 13:49:56.077157 [ 35887 ] {} <Error> Application: DB::Exception: Listen [::]:9009 failed: Poco::Exception. Code: 1000, e.code() = 0, DNS error: EAI: Address family for hostname not supported (version 23.8.12.13 (official build))

2. Journalctl Output: Run the following command:

journalctl -xe --no-pager

It will display an error like the following:

Feb 11 13:51:52 fsm724SupClickH "phClickHouseMonitor"[4708]: dial tcp4 127.0.0.1:8123: connect: connection refused

Solution: Enabling IPv6 on the FortiSIEM Node.

1. Edit Network Configuration:

Open the network configuration file for eth0:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Remove the line IPV6_DISABLED=yes, if present.

2. Edit the sysctl Configuration: First, open the sysctl.conf file:
   

vi /etc/sysctl.conf

Remove the following lines if present:

net.ipv6.conf.all.disable_ipv6 = 1

net.ipv6.conf.default.disable_ipv6 = 1

3. Reboot the Supervisor node:

After making the changes, reboot the Supervisor node to apply the new settings:

reboot