Hi All,
Good day...!
We have 2 FortiGates which are configured to send all the logs to the FortiAnalyzer. The point is that we don't see any logs in "FortiView and Log View", but the device is receiving logs. It's stuck, like it is loading the information.
Recently we upgraded the FortiAnalyzer-1000D from version 5.0 to 5.2.5. After upgrading, logs are not showing in FortiView even after rebuilding the SQL database.
I already tried to format the FA and install firmware 5.2.5 directly, and followed the standard way to rebuild the SQL database multiple times, but no luck. Then I restored the backed-up existing firewall logs. There are not many logs in storage, even though I gave it enough time to rebuild, about a week.
Does anyone know the solution to resolve this issue? Expecting your reply.
Fortianalyzer 1000D Info:
--------------------
Current version : v5.2.5-build3175 160119 (GA)
Error message in fortiview: "No entry found"
Error message in log view: "No record found"
Log browse: I can see all the logs which are being received from the firewall
sqllogd service utilizing 100% CPU, all other services normal (exec top)
Log volume in 7 days: 219.64 MB/day
FortiGate 300D Info:
Current Version: v5.2.5,build701 (GA)
Log setting configured to send the logs to the FortiAnalyzer and local HDD
Thanks
Sivaguru D
Hi,
I took a backup from the FortiAnalyzer and then created the ADOM for 5.2. Then I initiated the SQL database rebuild and it's showing progress as 1% (last 24 hrs).
Find the outputs below; FIREWALL is the newly created ADOM.
FAZ1000D#diagnose sql status rebuild-db
Rebuilding log SQL database has been processed 0%
FAZ1000D# diag dvm adom list
There are currently 12 ADOMs
OID STATE PRODUCT OSVER MR NAME MODE VPN MANAGEMENT IPS
219 enabled FOS 5.0 2 FIREWALL normal Central VPN Console N/A
****
****
I am able to see the logs under Log view -> Log Browse -> list of logs ***.log, with the type showing Event and Traffic. If I select any one of the files *****.log and display it, then I am able to see the live logs, which have today's date.
I hope everything is going fine and I need to wait for the rebuilding process to complete.
Are there any other commands that need to be executed?
Regards, Sguru
Hello,
Just check whether the database rebuild is progressing or stuck using the command:
# diag sql status rebuild-db
If stuck, you may need to initiate it again.
Regards,
Didn't know how it works. Kindly help me with this matter. Thank you so much.
Hi,
I tried many times, with no luck resolving this issue. Again it shows the same message for the command
diagnose sql status rebuild-db
Rebuilding log SQL database has been processed 0%
Will upgrading to 5.4 or the latest version resolve this issue?
Regards,
Sguru
Hello,
Try to rebuild the database per the following steps:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD36458&sliceId=1...
Regards,