We have 2 FortiGates which are configured to send all the logs to the FortiAnalyzer. The point is that we don't see any logs in "FortiView and Log View", but the device is receiving logs. It's stuck as if loading the information.
Recently we upgraded the FortiAnalyzer-1000D from version 5.0 to 5.2.5. After upgrading, logs are not showing in FortiView, even after rebuilding the SQL database.
I already tried formatting the FA and installing firmware 5.2.5 directly, and followed the standard way to rebuild the SQL database multiple times, but no luck. Then I restored the backed-up existing firewall logs. There are not many logs in storage, even though I gave it enough time to rebuild, like a week.
Does anyone know a solution to resolve this issue? Expecting your reply.
FortiAnalyzer 1000D Info:
Current version : v5.2.5-build3175 160119 (GA)
Error message in FortiView: "No entry found"
Error message in Log View: "No record found"
Log Browse: I can see all the logs which are being received from the firewall
sqllogd service is utilizing 100% CPU, all other services normal (exec top)
Log volume in 7 days: 219.64 MB/day
FortiGate 300D Info:
Current Version: v5.2.5,build701 (GA)
Log setting configured to send the logs to the FortiAnalyzer and local HDD
I took a backup from the FortiAnalyzer and then created the ADOM for 5.2. Then I initiated the SQL database rebuild and it's showing progress as 1% (last 24 hrs).
Find the outputs below; FIREWALL is the newly created ADOM.
FAZ1000D#diagnose sql status rebuild-db
Rebuilding log SQL database has been processed 0%
FAZ1000D# diag dvm adom list
There are currently 12 ADOMs
OID STATE PRODUCT OSVER MR NAME MODE VPN MANAGEMENT IPS
219 enabled FOS 5.0 2 FIREWALL normal Central VPN Console N/A
I am able to see the logs under Log View -> Log Browse -> list of logs ***.log, with the type showing Event and Traffic. If I select any one of the files *****.log and display it, then I am able to see the live logs, which have today's date.
I hope everything is going fine and I need to wait for the rebuilding process to complete.