Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Christopher
New Contributor

Created on ‎10-24-2014 09:45 AM

Reports showing no results after upgrading to 5.2

Hello,

 

I recently upgraded from 5.0.6 to 5.2 on our FortiAnalyzer.

My upgrade path was:

5.0.6 >5.0.7>5.0.8>5.2

 

I did not upgrade directly from 5.0.6 to 5.2

 

I have manually rebuilt the sql-db and I have restored the system configuration from backup.

 

Since the upgrade, every report I run, whether stock or custom gives me no information.

----------------

According to the release notes it says:

 

Bug ID 0250679 : After upgrade, FortiAnalyzer may not be able to generate reports due to

missing default datasets.

-----------------

It does not however say how to correct this issue or restore missing default datasets.

 

How can I replace the default datasets and is that the fix to get reports working again?

 

Without reporting capabilities, the FortiAnalyzer is practically useless for our purposes.  Any help would be appreciated in resolving this issue.

 

Thank you

Labels:
24457
0 Kudos
18 REPLIES 18
Christopher
New Contributor
In response to hzhao_FTNT

Created on ‎10-28-2014 11:52 AM

hzhao_FTNT wrote:

Hi Christopher,

 

Let's make sure if your FAZ get correct logs from FGT first.

1. Can you browse VPN logs in Fortiview -> Log View->Event->VPN? if yes, pls try filter: action=tunnel-stats

2. If no logs there, can you see event log in log view->log browse? 

If still not, pls run "diag test app fortilogd 2", "diag test app fortilogd 3" to see if fortilogd is working properly.

 hz

 

 

1. Returns only IPsec tunnel information and failed SSL VPN login attempts

2. There is an event log in the log view>log browse

3. # diag test app fortilogd 2 

Current time: (1414522209) Tue Oct 28 14:50:09 2014

Msgs received : 1751941 Msgs written : 1751941 Msgs wr failures : 0 Getbuf waits : 0, 0 Getbuf timeouts : 0, 0 Getbuf errors : 0

Logs received : 5619808 Logs written : 5619808 Forward total : 0 Forward errors : 0 Forward errors intr : 0 Forward errors again: 0 Forward (TCP) errors: 0 Msgroll requests : 0 Writter stats : 1751941, 0, 0, 0, 0, Cache buf count : 18000, 11999 (29999)

 

 

# diag test app fortilogd 23 Current time: (1414522216) Tue Oct 28 14:50:16 2014 Fortilogd logstat cache status: number of devs : 2 number of vdoms: 1 malloc failures: 0 number of bufs : 0 (0 bytes) Wed Dec 31 19:00:01 1969 cache status : invalid

Test client connection: [clt] update_logstats:427 send request... (sockfd 16, clt_pid 321) [svr] build_response_packages:185 rebuild response packages [svr] logstat_process_request:284 send response 60 bytes [clt] update_logstats:435 recvd hdr 8 bytes [clt] update_logstats:449 recvd response body 52 bytes [clt] update_logstats:455 build 2 dev.vdom info tree...

 

2730
0 Kudos
hzhao_FTNT
Staff
Staff
In response to Christopher

Created on ‎10-30-2014 11:23 AM

Hi Christopher, Fortilogd looks OK on your FAZ. 

Could you verify which chart in VPN report shows no data, and what's your Fortigate version? Pls double check on all FGTs by:

config system settings set vpn-stats-log ipsec ssl set vpn-stats-period 300 end

 

regards,

hz

2730
0 Kudos
Christopher
New Contributor
In response to hzhao_FTNT

Created on ‎10-31-2014 04:51 AM

1. It is called the VPN Report and it is a stock report.

 

2. The only information shown in the report is:

a. VPN Traffic Usage Trend Summary - Only shows IPsec Traffic

b. Failed Login Attempts - so it is showing failed SSL login attempts but not successful ones.

c. Top Site-to-Site IPsec Tunnels by Bandwidth

 

3. It shows "No matching log data for this report" for:

a. VPN Traffic Usage Trend Summary - Does NOT show SSL Traffic

b. VPN User Logins

c. Authenticated Logins

d. Top Dial-up VPN Users

e. Top Sources of SSL VPN Tunnels by Bandwidth

f. Top SSL VPN Tunnel Users by Bandwidth

g. Top SSL VPN Web Mode Users by Bandwidth

h. Top SSL VPN Users by Duration

i. Top Users of IPsec VPN Dial-up Tunnel by Bandwidth

j. Top Dial-up IPsec Tunnels by Bandwidth

k. Top Dial-up IPsec Users by Bandwidth

l. Top Dial-up IPsec Users by Duration

 

I need to be able to report on SSL VPN User information and this report looks like it should be giving me that information but returns next to nothing usable.

 

I've gone in and tried running the stock SSL VPN Datasets and they also return nothing except for the "vpn-Failed-Logins" Dataset.

 

The FGT is configured as follows:

config system settings set vpn-stats-log ipsec ssl set vpn-stats-period 300 set sip-tcp-port 5060 set sip-udp-port 5060 end

2730
0 Kudos
FortiRack_Eric
New Contributor III
In response to Christopher

Created on ‎11-06-2014 01:36 AM

This is correct rebuild procedure of the sql database on the FAZ

 

# 1. change operation mode to collector#=====================================================  config system global set log-mode collector end #=====================================================    # 2. disable SQL and remove the current database #=====================================================  config system sql  set status disable  end    execute sql-local remove-db    #=====================================================  # 3. re-enable SQL  #=====================================================    config system sql  set status local  end    #=====================================================  # 4. change operation mode back to analyser #=====================================================    config system global set log-mode analyzer end   #=====================================================  # 5. rebuild database #=====================================================    exec sql-local rebuild-db    #=====================================================      Note:  - the rebuild-db command causes the unit to reboot and the rebuild starts when the unit comes back up  - use the command 'diag sql status rebuild-db' to show the status of the rebuild  - the time required to rebuild the database depends on the amount of logs stored on the unit - although this procedure does not remove any log files you may want to backup your log files beforehand as a precaution     If the reports still have no output after this then check with default report, this should have output. Otherwise open a ticket with Fortinet support.

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
2730
0 Kudos
FTGmaster
New Contributor

Created on ‎08-21-2015 06:28 AM

Hi

 

I miss to the reports, after upg 5.0.8>5.2

 

I dind't understand exactly the right procedure to recover them.

I have a Backup pre-Upg, and post-Upg of the FAZ (Faz 100C)

FCNSA - FCNSP Certified FortiGate 20D - 30B - 40C - 50B - 60B - 60C - 80C - 100D - 110C FortiAnalyzer 100C FortiAP 220B HA

FCNSA - FCNSP Certified FortiGate 20D - 30B - 40C - 50B - 60B - 60C - 80C - 100D - 110C FortiAnalyzer 100C FortiAP 220B HA
2730
0 Kudos
L_FTNT
Staff
Staff

Created on ‎08-21-2015 08:39 AM

Here is the link to 5.2 upgrade guide:

http://docs.fortinet.com/uploaded/files/2515/fortianalyzer-5.2.3-upgrade-guide.pdf

 

Do you follow the steps in this guide for you upgrade ?

After the upgrade, have you run the validation tool to verify the datasets are OK before you generate any reports?

 

 

 

 

Ling Lu
2730
0 Kudos
FTGmaster
New Contributor

Created on ‎08-24-2015 05:07 AM

Hi, 

 

yes, I had the 5.0.8 and to be sure about the upgrade, I installed the 5.2.0, then my idea was to upgrade again to 5.2.2, then 5.2.3

 

FCNSA - FCNSP Certified FortiGate 20D - 30B - 40C - 50B - 60B - 60C - 80C - 100D - 110C FortiAnalyzer 100C FortiAP 220B HA

FCNSA - FCNSP Certified FortiGate 20D - 30B - 40C - 50B - 60B - 60C - 80C - 100D - 110C FortiAnalyzer 100C FortiAP 220B HA
2730
0 Kudos
hzhao_FTNT
Staff
Staff
In response to FTGmaster

Created on ‎08-24-2015 08:47 AM

Hi, we have some upgrade issues for 5.2.0(B618). Please upgrade to 5.2.3 directly and rebuildDB.

 

Regards,

hz

2730
0 Kudos
FTGmaster
New Contributor

Created on ‎08-25-2015 05:07 AM

Hi

 

Thanks you. Now I'm following the Upgrade step procedures, so from 5.2 the DS reccomends to upgrade to 5.2.2 (just did it)

 

Nopw I can see report but I can't see my custom records (and the scheduler too is til last week)

Now i'm waiting that the running process postgres terminate (they have the 80% pof the CPU), then I will update to 5.2.3

 

 

top_bin - 14:03:43 up  1:52,  0 users,  load average: 4.97, 5.22, 4.96
Tasks: 137 total,   5 running, 132 sleeping,   0 stopped,   0 zombie
Cpu(s): 81.4%us, 16.3%sy,  0.0%ni,  0.0%id,  1.0%wa,  0.0%hi,  1.3%si,  0.0%st
Mem:   1035704k total,   982064k used,    53640k free,    51216k buffers
Swap:  2076536k total,   332464k used,  1744072k free,   598688k cached
H
 PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND            
  595 postgres  20   0  193m 184m 179m R 25.5 18.2  27:38.02 postgres           
  477 postgres  20   0  195m 184m 180m R 24.9 18.3  27:53.60 postgres           
  592 postgres  20   0  194m 184m 179m R 24.9 18.3  27:44.12 postgres           
 1968 root      20   0 51236  12m 7964 R 13.1  1.2   0:00.40 gui FMGHeartBea    
   48 root      20   0     0    0    0 S  2.0  0.0   0:43.19 flush-8:0          
  469 postgres  20   0  192m 173m 170m S  1.6 17.1   1:48.52 postgres           
  470 postgres  20   0  192m  11m 8596 S  1.3  1.1   1:00.18 postgres           
   14 root      20   0     0    0    0 D  1.0  0.0   0:48.49 kswapd0            
  127 root      20   0 21992 6272 4944 S  0.7  0.6   0:38.42 cmdbsvr            
 1947 root      20   0  2072 1032  740 R  0.7  0.1   0:00.42 top_bin            
    4 root      20   0     0    0    0 S  0.3  0.0   0:17.77 kworker/0:0        
  297 root      20   0 41620 6064 4428 S  0.3  0.6   0:37.89 dmserver           
  372 root      20   0 14852 2464 2268 S  0.3  0.2   0:03.11 logrolling         
  381 root      20   0 15448 2292 2256 S  0.3  0.2   0:18.79 udm_statd          
  387 root      20   0 40608 4520 2732 S  0.3  0.4   0:00.14 svc dvmdb write    
  402 root     -13   0 97796  86m  10m S  0.3  8.5   0:10.94 fortilogd.main

 

 

FCNSA - FCNSP Certified FortiGate 20D - 30B - 40C - 50B - 60B - 60C - 80C - 100D - 110C FortiAnalyzer 100C FortiAP 220B HA

FCNSA - FCNSP Certified FortiGate 20D - 30B - 40C - 50B - 60B - 60C - 80C - 100D - 110C FortiAnalyzer 100C FortiAP 220B HA
2730
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.