I have correctly set up FortiAnalyzer, which is connected to FortiGate, and I get logs in Log View without a problem. But in FortiView I have a critical issue.
I only get a chart in FortiView for less than 1 hour; when I increase it to 12 hours or more, I get the error "No Data".
This is the FortiAnalyzer info:
FAZVM64-HV
v6.0.4
Administrative Domain: Off
Hello,
what type/sub-types of logs do you see once you click on the LogView?
You might simply not have those logs to be populated in FortiView.
Cheers
Actually, I got FortiView for 5 min, 30 min, and 1 hour. I just had a problem with 12 hours and more. So I think your point will not be correct.
I recently removed the hard disk for logs and renewed it, which solved the issue, and now I have FortiView for all time durations.
But still, I do not know the reason why I did not get FortiView for 1 day or more the first time.
Today I checked it again, and again I am not able to see "1 week and 1 day" in FortiView.
Yesterday, after changing the hard disk for the log files, everything worked well, but again I have a problem with FortiView.
There is a bug with FortiView which was introduced in 6.0.4 that you might be encountering. Symptom is that FortiView tables may show data for some time periods but not others. The problem is related to how the hcache tables used by FortiView are generated. Log View is okay. It will be fixed again in 6.0.5.
Bug id 537535 Fortiview issue after upgrading to 6.0.4
Thank you for your reply, my friend.
This is exactly what happened again today after changing the log hard disk. I had FortiView for all time periods yesterday, but today I lost the one-week and one-day FortiView.
Do you know when the new version will be available?
As a workaround, you can Edit "System Time" from the dashboard & disable "Daylight Savings". And then restart fazsvcd (diag test app fazsvcd 99).
1. Go to System Settings -> Click "Edit System Time"
2. Uncheck "Automatically adjust clock for daylight saving changes", then select "Set time" as "Update Time By", and select the appropriate time without DST, i.e. one hour earlier.
3. Click "OK".
4. Restart fazsvcd by CLI command: diag test application fazsvcd 99
5. Try all the views in FortiView (to create correct SQL queries), and make sure all the views work.
6. Change the time config back to DST by going through steps 1, 2, 3.
7. Restart fazsvcd again as in step 4.
8. Check FortiView again.
Fix is in 6.0.5 & 6.2.0. 6.2.0 is planned for middle of next month. 6.0.5 is after that (within the next 2 months)
Thank you again.
I just followed your steps and I got all FortiView.
May I ask what was the problem?
Time Sync?
A new approach of building the hcache tables was introduced which would avoid unnecessary rebuild activity during daylight savings change.