Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Boss2u
New Contributor

No Data in FortiView

Hello,

I was having some issues with our FortiAnalyzer, so I spun up a new VM (Hyper-V) and started from scratch. Everything seems to be working, but I don't see any data in FortiView.

There is plenty of free space and I have been running the newly configured FortiAnalyzer for about 3 weeks now.

Do I need to purchase an additional license in order for this part to work/show data?

 

skyhigh
New Contributor

No additional license is required for FortiView. You might want to confirm that the FortiAnalyzer is receiving logs. Check "Log Browse" for new logs. Once the logs are received, they will be inserted into the SQL database (thereby generating "analytic" logs). It is analytic logs which are displayed in Log View & FortiView.

 

You mention that there is enough space -- also make sure the minimum requirements in terms of memory & CPU count have been allocated to the VM.

 

https://docs.fortinet.com/vm/hyper-v/fortianalyzer/6.2/fortianalyzer-vm-on-hyper-v/6.2.0/583600/mini...

 

i.e., Minimum of 8G RAM & 4 CPU cores.  More for higher log rates.

Fortinet Technical Support
brazz_FTNT

Hello, 

 

Also what is the version of your FAZ ?

 

Thanks

 

 

Boss2u

v6.2.3-build12135 191218(GA)

brazz_FTNT

Couple of things to check:

- Is this a new setup? If not, what were the previous versions? Did you follow the proper update path...

diagnose cdb upgrade summary

- The version of your FGTs
- The time of your FAZ and your FGTs
- Do you get any realtime logs?
- Has any daemon crashed?

diagnose debug crashlog read

- Create a backup of your logs and rebuild the DB https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD36255&sliceId=...

 

 

FMG-08 # execute sql-local rebuild-db
Rebuild the entire log SQL database has been requested.
This operation will remove the log SQL database and rebuild from log data.
This operation will reboot the device.
Do you want to continue? (y/n)

 

Be very careful and make sure you create a proper backup of your config, DB and logs. Create a snapshot of your VM too, and then rebuild the DB.

 

I would say create a ticket with the FAZ team to investigate the issue. 

Good Luck

Boss2u

Rebuilding the database has fixed the issue.

Thanks for the help brazz_FTNT.

Boss2u
New Contributor

I'm seeing all kinds of new logs in Log View and have 8gigs of ram and 4 processors dedicated to the VM.

 

Boss2u
New Contributor

I am receiving logs in LogView.

I have dedicated 8gigs of ram and 4 processors to the VM.

Everything in the SOC dashboard (Top Threats, Threat Map, Compromised HOSTS, etc...) shows "no data".

 
