Hi all

I've a log viewing issue after Fortianalyzer 4.3.x migration. we all know that after leaving migration mode, FAZ's cpu usage will raise to 80 ~ 90 in order to write roll logs to DB. After a week of my migration, my new FAZ's cpu usage is normal now(about 20~30%). But I found a strange situation that when I view realtime log, I can see realtime log incoming normally, but when I see history log, the latest log's time is 2 days ago around 04:27...

When I check network share[\storage\logs\], I can see everyday's roll logs, so I think logs are exist.

I also found that when I check roll log files, I can see a filename ".logstatus", it's modified time is also  in 04:27 two days ago. Is that file just like a flag to flag where DB writing the logs? When I check another FAZ which can view history log normally, the midified time of it's ".logstatus" file is just the time when I see it... 

How can I fix this problem that history log can't see last two days log? In 4.x, there's no way to check log writing info on dashboard, how we know that does FAZ write all row log to it's DB yet or not?

There are so few people who has FAZ migration experience around me, can anyone help me to solve this problem...

many thanks~~