sguru
New Contributor

Fortianalyzer not showing logs in Fortiview

Hi All,

 

Good day...!

 

We have 2 FortiGates which are configured to send all the logs to the FortiAnalyzer. The point is that we don't see any logs in "FortiView and Log View", but the device is receiving logs. It's stuck, as if loading the information.

 

Recently we upgraded the FortiAnalyzer-1000D from version 5.0 to 5.2.5. After upgrading, logs are not showing in FortiView, even after rebuilding the SQL database.

 

I already tried formatting the FA and installing firmware 5.2.5 directly, and followed the standard way to rebuild the SQL database multiple times, but no luck. Then I restored the backup of the existing firewall logs. There are not many logs in storage, even though I gave it enough time to rebuild, like a week.

 

Does anyone know the solution to resolve this issue? Expecting your reply.

 

Fortianalyzer 1000D Info:

--------------------

Current version : v5.2.5-build3175 160119 (GA) 

Error message in fortiview: "No entry found" 

Error message in log view: "No record found"

Log Browse: I can see all the logs which are being received from the firewall

sqllogd service utilizing 100% CPU, all other services normal (exec top)

Log volume in 7 days: 219.64 MB/day

 

FortiGate 300D Info:

 

Current Version: v5.2.5,build701 (GA)

Log setting configured to send the log to Fortianalyzer and local HDD

 

Thanks

Sivaguru D

14 REPLIES
sguru
New Contributor

Hi,

 

I took a backup from the FortiAnalyzer and then created the ADOM for 5.2. Then I initiated the SQL database rebuild and it's showing progress as 1% (last 24 hrs).

 

Find the outputs below; FIREWALL is the newly created ADOM.

 

FAZ1000D# diagnose sql status rebuild-db

Rebuilding log SQL database has been processed 0%

 

FAZ1000D# diag dvm adom list

There are currently 12 ADOMs

OID  STATE    PRODUCT  OSVER  MR  NAME      MODE    VPN MANAGEMENT       IPS
219  enabled  FOS      5.0    2   FIREWALL  normal  Central VPN Console  N/A

****

****

 

I am able to see the logs under Log View -> Log Browse -> list of logs ***.log, the type showing Event and Traffic. If I select any one of the *****.log files and display it, then I am able to see the live logs with today's date.

 

I hope everything is going fine and I need to wait for the rebuilding process to complete.

 

Are there any other commands I need to execute?

 

Regards, Sguru

awasfi_FTNT

Hello,

Just check whether the database rebuild is progressing or stuck using the command:

# diag sql status rebuild-db

If stuck, you may need to initiate it again.

Regards, 

 

Network_Guy
New Contributor

I didn't know how it works. Kindly help me out on this matter. Thank you so much.

sguru
New Contributor

Hi,

 

I tried many times, but no luck resolving this issue. Again it shows the same message for the command

 

diagnose sql status rebuild-db

Rebuilding log SQL database has been processed 0%

 

Will upgrading to 5.4 or the latest version resolve this issue?

 

Regards,

Sguru

awasfi_FTNT

Hello,

Try to rebuild the database per the following steps:

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD36458&sliceId=1...

 

Regards,