Fortinet Forum
sguru
New Contributor

Fortianalyzer not showing logs in Fortiview

Hi All,

 

Good day...!

 

We have 2 FortiGates which are configured to send all the logs to the FortiAnalyzer. The point is that we don't see any logs in "FortiView and Log View", but the device is receiving logs. It's stuck as if loading the information.

 

Recently we upgraded the FortiAnalyzer-1000D from version 5.0 to 5.2.5. After upgrading, logs are not showing in FortiView, even after rebuilding the SQL database.

 

I already tried to format the FA and install the firmware 5.2.5 directly, and followed the standard way to rebuild the SQL database multiple times, but no luck. Then I restored the backup logs (existing firewall logs). There are not many logs in storage, even though I gave it enough time to rebuild, like a week.

 

Does anyone know the solution to resolve this issue? Expecting your reply.

 

Fortianalyzer 1000D Info:

--------------------

Current version : v5.2.5-build3175 160119 (GA) 

Error message in fortiview: "No entry found" 

Error message in log view: "No record found"

Log browse: I can see all the logs which are being received from the firewall

sqllogd service utilizing 100% CPU, all other services normal (exec top)

Log volume in 7 days: 219.64 MB/day

 

FortiGate 300D Info:

 

Current Version: v5.2.5,build701 (GA)

Log setting configured to send the log to Fortianalyzer and local HDD

 

Thanks

Sivaguru D

14 REPLIES
awasfi_FTNT
Staff

Hello,

There are some known issues on FortiAnalyzer v5.2.5 related to FortiView which have been fixed on v5.2.6 and later.

I think the best is to upgrade to the latest v5.2 version, v5.2.10.

Regards

 

 

sguru

Hi,

 

Thanks for your inputs. I have updated to the latest version 5.2.10, which did not help me resolve this issue. The problem is still continuing.

 

I am not able to see the logs in FortiView => summary view, Log view. If I change the settings in Tools -> Real time logs, I am able to see the logs in Log view. This is applicable for all options under Log view.

 

I already formatted the FA completely and then restored the image 5.2.5 directly, deleted the SQL DB and recreated it, and have now upgraded to 5.2.10; still my issue is not resolved.

 

I had restored the backup logs of the existing 310B firewall also. Could this cause this kind of issue?

 

Is there any other setting that needs to be enabled?

 

If anyone has an idea, please share it with me.

 

Regards, Sguru

awasfi_FTNT

Hi,

 

So you are saying real time logs can be seen but historical logs.

>> When you go to log view >> log browse you should see logs files. Can you display the content logs? Select one file and click on display...

>> Did you try different browsers?

>> Did you rebuild the database after restoring the logs or before?

>> Can you enable Administrative Domain and check the ADOM version that the FortiGate belongs to under "System Settings All ADOMs". For example, if the root ADOM which the FortiGate is added to is on v5.0, then you should create a new v5.2 ADOM and add the FortiGate to it, then rebuild the database.

>> Is it possible to capture the output of:

get system status

execute top     <<-- use "q" to stop it

get system performance

diagnose dvm device list

diag sql show db-size

diag sql status rebuild-db

diag sql status sqlplugind

diag debug crashlog read

 

Regards,

sguru

Hi,

 

Yes, I am able to see the logs in log view >> log browse you should see logs files

I tried different browsers but no luck.

I tried to rebuild the DB after restoring the logs (FortiView was not showing the logs, so I then initiated the DB rebuild).

Today I upgraded to the latest 5.2.10 and have now initiated the DB rebuild.

The logs below were captured while the DB rebuild was in progress.

 

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2017.01.23 13:07:16 =~=~=~=~=~=~=~=~=~=~=~=
login as: admin
Using keyboard-interactive authentication.
Password:
FAZ1000D # get system status
Platform Type : FAZ1000D
Platform Full Name : FortiAnalyzer-1000D
Version : v5.2.10-build0786 170112 (GA)
Serial Number : FL-1KD3A14123455
BIOS version : 00010003
System Part-Number : P13276-01
Hostname : FAZ1000D
Max Number of Admin Domains : 2000
Admin Domain Configuration : Disabled
FIPS Mode : Disabled
Branch Point : 0786
Release Version Information : GA
Current Time : Mon Jan 23 13:07:37 GST 2017
Daylight Time Saving : Yes
Time Zone : (GMT+4:00) Abu Dhabi, Muscat.
x86-64 Applications : Yes
Disk Usage : Free 5371.31GB, Total 5499.82GB
File System : Ext4

FAZ1000D # exec top
top_bin - 13:07:51 up 1:49, 0 users, load average: 1.52, 1.67, 1.71
Tasks: 152 total, 1 running, 151 sleeping, 0 stopped, 0 zombie
Cpu(s): 21.4%us, 4.7%sy, 0.0%ni, 73.6%id, 0.3%wa, 0.0%hi, 0.0%si, 0.0%st
Mem:  16416344k total, 5617080k used, 10799264k free, 32092k buffers
Swap: 2076536k total, 0k used, 2076536k free, 4632180k cached
  PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
  641 root 20 0 247m 52m 7372 S 97 0.3 110:12.81 sqllogd
  1 root 20 0 154m 11m 6164 S 0 0.1 0:04.81 initXXXXXXXXXXX
  2 root 20 0 0 0 0 S 0 0.0 0:00.00 kthreadd
  3 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/0
  4 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/0:0
  6 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/0
  7 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/1
  8 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/1:0
  9 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/1
  10 root 20 0 0 0 0 S 0 0.0 0:16.44 kworker/0:1
  11 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/2
  12 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/2:0
  13 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/2
  14 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/3
  15 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/3:0
  16 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/3
  17 root 0 -20 0 0 0 S 0 0.0 0:00.00 khelper
top_bin - 13:07:54 up 1:49, 0 users, load average: 1.56, 1.67, 1.71
Tasks: 152 total, 1 running, 151 sleeping, 0 stopped, 0 zombie
Cpu(s): 22.1%us, 4.7%sy, 0.0%ni, 73.2%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem:  16416344k total, 5617708k used, 10798636k free, 32104k buffers
Swap: 2076536k total, 0k used, 2076536k free, 4632192k cached
  PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
  641 root 20 0 247m 52m 7372 S 100 0.3 110:15.82 sqllogd
  636 root -13 0 360m 285m 19m S 0 1.8 0:02.92 fortilogd.main
  1 root 20 0 154m 11m 6164 S 0 0.1 0:04.81 initXXXXXXXXXXX
  2 root 20 0 0 0 0 S 0 0.0 0:00.00 kthreadd
  3 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/0
  4 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/0:0
  6 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/0
  7 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/1
  8 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/1:0
  9 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/1
  10 root 20 0 0 0 0 S 0 0.0 0:16.44 kworker/0:1
  11 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/2
  12 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/2:0
  13 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/2
  14 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/3
  15 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/3:0
  16 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/3
top_bin - 13:07:57 up 1:49, 0 users, load average: 1.51, 1.66, 1.71
Tasks: 152 total, 1 running, 151 sleeping, 0 stopped, 0 zombie
Cpu(s): 20.1%us, 4.9%sy, 0.0%ni, 75.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem:  16416344k total, 5617708k used, 10798636k free, 32104k buffers
Swap: 2076536k total, 0k used, 2076536k free, 4632200k cached
  PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
  641 root 20 0 247m 52m 7372 S 100 0.3 110:18.82 sqllogd
  10 root 20 0 0 0 0 S 0 0.0 0:16.45 kworker/0:1
  496 root 20 0 163m 11m 4544 S 0 0.1 0:03.10 dmserver
  1 root 20 0 154m 11m 6164 S 0 0.1 0:04.81 initXXXXXXXXXXX
  2 root 20 0 0 0 0 S 0 0.0 0:00.00 kthreadd
  3 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/0
  4 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/0:0
  6 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/0
  7 root RT 0 0 0 0 S 0 0.0 0:00.00 migration/1
  8 root 20 0 0 0 0 S 0 0.0 0:00.00 kworker/1:0
  9 root 20 0 0 0 0 S 0 0.0 0:00.00 ksoftirqd/1

 

 


FAZ1000D # get system perfaoormatnnce
CPU:
Used: 25.98%
Used(Excluded NICE): 25.98%
%used %user %nice %sys %idle %iowait %irq %softirq
CPU0 1.60 1.54 0.00 0.07 98.40 0.00 0.00 0.00
CPU1 0.13 0.07 0.00 0.07 99.87 0.00 0.00 0.00
CPU2 2.07 1.94 0.00 0.13 97.93 0.00 0.00 0.00
CPU3 100.00 81.68 0.00 18.32 0.00 0.00 0.00 0.00
Memory:
Total: 18,492,880 KB
Used: 984,340 KB 5.3%
Hard Disk:
Total: 5,766,984,312 KB
Used: 134,758,460 KB 2.3%
IOStat: tps r_tps w_tps r_kB/s w_kB/s queue wait_ms svc_ms %util sampling_sec
6.9 3.9 2.9 642.0 84.8 0.0 2.8 1.9 1.3 6616.70
Flash Disk:
Total: 253,871 KB
Used: 63,865 KB 25.2%
IOStat: tps r_tps w_tps r_kB/s w_kB/s queue wait_ms svc_ms %util sampling_sec
0.0 0.0 0.0 0.0 0.0 0.0 22.7 8.1 0.0 6616.74

FAZ1000D # disag dvmdevi device list
There are currently 4 devices/vdoms managed:

TYPE OID SN HA IP NAME ADOM IPS FIRMWARE
faz enabled 134 FG300B3908605870 - 172.16.25.3 FG300B3908605870 root N/A 5.0 MR0 (1)
|- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
|- vdom:[3]root flags:0 adom:root pkg:[never-installed]
faz enabled 120 FG300B3908605955 - 172.16.25.3 root N/A 5.0 MR0 (1)
|- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
|- vdom:[3]root flags:0 adom:root pkg:[never-installed]
faz enabled 189 FGT3HD3916801477 - 172.16.25.3 XXXHA-PRIMARY root N/A 5.0 MR2 (701)
|- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
|- vdom:[3]root flags:0 adom:root pkg:[never-installed]
faz enabled 204 FGT3HD3916800928 - 172.16.25.3 XXXHA-SECONDARY root N/A 5.0 MR2 (701)
|- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
|- vdom:[3]root flags:0 adom:root pkg:[never-installed]

---End device list---

FAZ1000D # diag sql show db-suize
Size: 10.69 MB

FAZ1000D # diag swlql status rebuild-db
Rebuilding log SQL database has been processed 0%

FAZ1000D # diag sql status rebuild-dbsqlplugind
PID: 643, now: 1485162577, uptime: 6663
Thread registered: 2
Log insert speed: logs/5sec: 0.0, logs/60sec: 0.0 Overall: 0.0 (0)
Log received: logs=0 bat=0 avg-bat-sz=0 ack=0 ack-drop=0 ack-err=0 bat-recv=0 misc-recv=0 writers=1 indexers=1 tri-force=0
logtab: new-dbtbl=0 orphan=0 zombie=0 master-tbl:new=0/free=0 child-tbl:new=0/free=0
logtab: master-tbl create_err=0, child-tbl create-err=0 tr-err=0, new-retry=0
commit-locate-err: adom=0 master-tbl=0(oldtm=0) child-tbl=0
trim: req=1 drop-tbl=0 total-sz=0(MB) chkdisk=222 diskfull=0 mdevtree=0 abort=0 toohuge=0
trim-alerts: trim=0 total=0, flush=0 total=0

sqldata: batch=0 insert=0 update=0 alert=0 al-log=0 al-flush=0 dup_batch=0 invalid_sql=0
tasklist-tri: add=0 renew=0 run=0 save=0
tasklist-reg: add=0 renew=0 run=0 save=0
index-task: add=0 renew=0 drop=0 done=0
task-stats: new=0 free=0

recv-conn: accept=1 close=0
close-conn: idle=20 threshold=0 all_threshold=0

FAZ1000D # diag debutg crashlog read
FAZ1000D #
FAZ1000D # diag debug crashlog read
FAZ1000D # end
Unknown action 0

FAZ1000D # exit

 

Thanks

 

Regards, Sguru

 

 

awasfi_FTNT

Hi,

 

Wait till the rebuild finishes. Use the following command to confirm:

# diag sql status rebuild-db

Then enable Administrative Domain and check the ADOM version that the FortiGate belongs to under "System Settings All ADOMs". If the FortiGate is running v5.2 and is added to a v5.0 ADOM, then you need to create a new v5.2 ADOM and move the v5.2 devices to it.

 

Regards,

sguru

Hi,

 

The SQL database rebuild is still not completed; I have been waiting more than one day.

Previously we did not enable the ADOM when we added the existing and new firewalls.

 

Please explain how enabling the ADOM will resolve this logging issue.

 

Regards, Sguru

awasfi_FTNT

Hi,

 

We need to check the firmware version of the "root" ADOM to which all devices are added.

If the ADOM firmware version is, for example, on v5.0 and the device is running firmware v5.2, it will cause incompatibility issues as the database is different.

Even if the issue is still not fixed, adding the devices to the correct ADOM version will ensure database compatibility and avoid any issues in the future.

If I'm not wrong, I can see the device is running v5.2 and the "root" ADOM version is v5.0 per the output of "diag dvm device list".

Also, you can use the command "diag dvm adom list" to confirm the firmware of the "root" ADOM.

 

Regards,
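The version check described in the reply above, as an added example that is not part of the original thread: it parses device rows in the layout of the "diag dvm device list" capture and flags devices whose release differs from the version of the ADOM they sit in. The sample rows are constructed, the ADOM-version mapping is supplied as an assumption, and reading "5.0 MR2" as release 5.2 follows the capture in this thread, where the FortiGate on v5.2.5 build 701 is listed as "5.0 MR2 (701)".

```python
import re
from dataclasses import dataclass

# Constructed capture in the layout of the "diag dvm device list" output
# quoted in this thread; serial numbers, names and addresses are made up.
SAMPLE = """\
TYPE         OID  SN               HA IP         NAME        ADOM IPS FIRMWARE
faz enabled  134  FG300BEXAMPLE001 -  192.0.2.10 OLD-FW      root N/A 5.0 MR0 (1)
 |- STATUS: db: unknown; conf: unknown; cond: unknown; dm: none; conn: unknown
 |- vdom:[3]root flags:0 adom:root pkg:[never-installed]
faz enabled  120  FG300BEXAMPLE002 -  192.0.2.10 root N/A 5.0 MR0 (1)
 |- vdom:[3]root flags:0 adom:root pkg:[never-installed]
faz enabled  189  FGT3HDEXAMPLE003 -  192.0.2.11 HA-PRIMARY  root N/A 5.0 MR2 (701)
 |- vdom:[3]root flags:0 adom:root pkg:[never-installed]
"""

# A device row ends with: <ADOM> <IPS> <major>.<minor> MR<n> (<build>).
# Anchoring on that tail copes with rows where the NAME column is empty.
ROW = re.compile(
    r"^faz enabled\s+(?P<oid>\d+)\s+(?P<sn>\S+)\s.*?"
    r"(?P<adom>\S+)\s+(?P<ips>\S+)\s+"
    r"(?P<major>\d+)\.\d+\s+MR(?P<mr>\d+)\s+\((?P<build>\d+)\)\s*$"
)


@dataclass
class Device:
    sn: str
    adom: str
    release: str  # "5.0 MR2" is read as release "5.2"
    build: int


def parse_devices(text):
    """Extract one Device per 'faz enabled' row; status/vdom lines are skipped."""
    devices = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            release = f"{m['major']}.{m['mr']}"
            devices.append(Device(m["sn"], m["adom"], release, int(m["build"])))
    return devices


def adom_mismatches(devices, adom_versions):
    """Return (device, adom_version) pairs where the versions differ.

    adom_versions maps ADOM name -> version string; a device in an ADOM
    missing from the mapping is reported with version None.
    """
    return [(d, adom_versions.get(d.adom)) for d in devices
            if adom_versions.get(d.adom) != d.release]


if __name__ == "__main__":
    # Assumed input: ADOM versions as read from "diag dvm adom list" or the GUI.
    for dev, ver in adom_mismatches(parse_devices(SAMPLE), {"root": "5.0"}):
        print(f"{dev.sn}: release {dev.release} (build {dev.build}) "
              f"in ADOM '{dev.adom}' at version {ver}")
```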

sguru

Hi,

 

Thanks for your valuable info. Please clarify the things below:

1. Will ADOM creation affect the existing logs stored in the FA?

2. Can I add the old 310B logs to the new ADOM?

3. Will the new ADOM support all firewalls (OS version either 5.2 or 5.4)?

4. Will it affect the customized settings in FortiAnalyzer?

Regards, Sguru

 

awasfi_FTNT

Hello,

 

1. Will ADOM creation affect the existing logs stored in the FA?

No

2. Can I add the old 310B logs to the new ADOM?

Yes, from the CLI:

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD36255&sliceId=1...

3. Will the new ADOM support all firewalls (OS version either 5.2 or 5.4)?

Yes, since FortiAnalyzer is running v5.4, what you need to do is create a separate ADOM for each firmware. Example: a v5.2 ADOM for any device running v5.2.x firmware and a v5.4 ADOM for any device running v5.4.x firmware.

4. Will it affect the customized settings in FortiAnalyzer?

It may affect settings, so I recommend exporting custom reports/charts and copying any custom datasets that you have; then you can add them later if lost.

Also back up the previously created reports if needed.

To export/import reports/charts, right click, then export/import.

 

Regards