Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Bipins
New Contributor

Fortisiem browsing issue

I recently deployed a siem 5.2.5 in kvm image in a Nutanix prism.. Was able to install successfully, but after installation , i cannot browse on its IP on 443. It is giving me 404 error. I cannot even upload license.

 

PROCESS UPTIME CPU% VIRT_MEM RES_MEM

phParser DOWN phQueryMaster DOWN phRuleMaster DOWN phRuleWorker DOWN phQueryWorker DOWN phDataManager DOWN phDiscover DOWN phReportWorker DOWN phReportMaster DOWN phIpIdentityWorker DOWN phIpIdentityMaster DOWN phAgentManager DOWN phCheckpoint DOWN phPerfMonitor DOWN phReportLoader DOWN phBeaconEventPackager DOWN phDataPurger DOWN phEventForwarder DOWN phMonitor 07:41:08 0 979m 538m Apache 07:41:50 0 223m 6008 Node.js-charting 07:41:35 0 923m 80m Node.js-pm2 07:41:09 0 0 55m AppSvr 07:42:26 0 12287m 790m DBSvr 07:42:37 0 376m 28m Redis 07:42:28 0 130m 7600

3 REPLIES 3
FSM_FTNT
Staff
Staff

Hi,

 

What are you using as the event DB?

 

Did you install using the /opt/vmware/share/vami/vami_config_net script?

 

Did you set a proxy?

Can you provide output of these commands

 

fdisk -l

ifconfig

 

Any errors in 

/opt/glassfish/domains/domain1/logs/phoenix.log

 

Thanks

 

 

Bipins

HI , thanks for response. Please find the requested answers

 

Yes, i did installed /opt/vmware/share/vami/vami_config_net script.

 

There is no phoenix.log file 

[root@SCN_FORTISIEM ~]# cd /opt/glassfish/domains/domain1/logs/ [root@SCN_FORTISIEM logs]# ls jvm.log server.log_2020-07-12T14-39-23 server.log server.log_2020-07-13T12-08-10 [root@SCN_FORTISIEM logs]#

 

=======================================

ifconfig o/p

[root@SCN_FORTISIEM ~]# ifconfig eth0 Link encap:Ethernet HWaddr 50:6B:8D:94:04:35 inet addr:192.168.0.170 Bcast:192.168.1.255 Mask:255.255.254.0 inet6 addr: fe80::526b:8dff:fe94:435/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1587325 errors:0 dropped:0 overruns:0 frame:0 TX packets:1254 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2373084529 (2.2 GiB) TX bytes:231167 (225.7 KiB)

lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:275367 errors:0 dropped:0 overruns:0 frame:0 TX packets:275367 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:42308721 (40.3 MiB) TX bytes:42308721 (40.3 MiB)

 

===================================================

fdisk -l o/p

[root@SCN_FORTISIEM ~]# fdisk -l

Disk /dev/sdb: 64.4 GB, 64424509440 bytes 255 heads, 63 sectors/track, 7832 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 1048576 bytes Disk identifier: 0x00091edd

Device Boot Start End Blocks Id System /dev/sdb1 1 7832 62910539+ 83 Linux Partition 1 does not start on physical sector boundary.

Disk /dev/sda: 85.9 GB, 85899345920 bytes 255 heads, 63 sectors/track, 10443 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 1048576 bytes Disk identifier: 0x00050843

Device Boot Start End Blocks Id System /dev/sda1 * 1 17 131072 83 Linux Partition 1 does not end on cylinder boundary. /dev/sda2 17 3150 25165824 82 Linux swap / Solaris /dev/sda3 3150 10444 58588160 83 Linux

Disk /dev/sdc: 64.4 GB, 64424509440 bytes 255 heads, 63 sectors/track, 7832 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 1048576 bytes Disk identifier: 0x0007847e

Device Boot Start End Blocks Id System /dev/sdc1 1 7832 62910539+ 83 Linux Partition 1 does not start on physical sector boundary.

Disk /dev/sdd: 214.7 GB, 214748364800 bytes 255 heads, 63 sectors/track, 26108 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 1048576 bytes Disk identifier: 0x00000000

 

FSM_FTNT

You're probably best getting in touch with TAC to investigate.

 

Your disk and network config looks ok. Did you define a proxy as well? Did the Super have internet access during the install?

 

There may be an install log under /tmp or /opt/phoenix/log which may give you an idea.

 

However, as there is no log under glassfish, you probably need to check other logs under /opt/glassfish/domains/domain1/logs/

 

 

Labels
Top Kudoed Authors