Unable to retrieve FortiAnalyzer 5.0.9 with Fortigate 5.0.9

donnat · ‎10-24-2014

Hello,

After updating firmware 5.0.8 to 5.0.9, unable to retrieve FortiAnalyzer with Fortigate (fortiOS 5.0.9).

Please help.

Cluster Active/Passive Fortigate-1500D 6.0.9 (AV, DLP, AppCtrl & IPS, DHCP, AlertMail, Fortiguard Web & AS, OSPF & RIPv2, SSL-VPN Portal Web and Tunnel) FortiAnalyzer-3000D 6.0.8 (Log, Syslog, Alert event, Quarantine & Report)

donnat · ‎10-28-2014

If it can help another person, here's how to fix:

1) Restart OFTP to see if it corrects the problem: # diag test app oftpd 99 ===========> It's OK (Fortigate view now FortiAnalizer) 2) Clear crashlog and reboot # diagnose debug crashlog clear # diagnose debug crashlog read # execute rebootThe system will be rebooted. Do you want to continue? (y/n)y ===========> BUT AFTER REBOOT # diagnose debug crashlog read 2014-10-28 10:48:41 <13715> firmware FAZ3000D-5.0-build0345-141022 2014-10-28 10:48:41 <13715> application oftpd 2014-10-28 10:48:41 <13715> *** signal 11 (Segmentation fault) received *** 2014-10-28 10:48:41 <13715> Register dump: 2014-10-28 10:48:41 <13715> RAX: 0000000000000000 RBX: 0000000000003593 2014-10-28 10:48:41 <13715> RCX: 00007fc115c11000 RDX: 00007fc115c11000 2014-10-28 10:48:41 <13715> R8: dbdbdbdbdbdbdbdb R9: 0000000000000000 2014-10-28 10:48:41 <13715> R10: 0000000000000000 R11: 0000000000000206 2014-10-28 10:48:41 <13715> R12: 000000000000000c R13: 0000000000034735 2014-10-28 10:48:41 <13715> R14: 000000000000000c R15: 000000000000000c 2014-10-28 10:48:41 <13715> RSI: 00007fff50d25500 RDI: 0000000000030006 2014-10-28 10:48:41 <13715> RBP: 00007fff50d25520 RSP: 00007fff50d25500 2014-10-28 10:48:41 <13715> RIP: 00007fc11c68c10d EFLAGS: 0000000000010246 2014-10-28 10:48:41 <13715> CS: 0033 FS: 0000 GS: 0000 2014-10-28 10:48:41 <13715> Trap: 000000000000000e Error: 0000000000000004 2014-10-28 10:48:41 <13715> OldMask: 0000000000000000 2014-10-28 10:48:41 <13715> CR2: 00007fc115c11000 2014-10-28 10:48:41 <13715> Backtrace: 2014-10-28 10:48:41 <13715> [0x7fc11c68c10d] => ../../../lib/libfaz_base.so (qua r_cache_close+0x0000008d) liboffset 0005510d 2014-10-28 10:48:41 <13715> [0x004121a6] => /bin/oftpd (main+0x00000f23) 2014-10-28 10:48:41 <13715> [0x7fc116f470a4] => ../../../lib/libc.so.6 (__libc_s tart_main+0x000000f4) 2014-10-28 10:48:41 3) Rebuild quarantine database # diag dlp-archives rebuild-quar-db Warning! You are about to rebuild the Quarantine Cache DB. The main oftpd process and all processes connected with the Quaranine Cache DB will be killed. Do you want to continue? (y/n)y The SIGTERM signal was sent to 1 process(es). Done. The oftpd daemon will be restarted. 4) Clear crashlog and reboot # diagnose debug crashlog clear # diagnose debug crashlog read # execute rebootThe system will be rebooted. Do you want to continue? (y/n)y ===============> AND NOW AFTER REBOOT IS OK # diagnose debug crashlog read

Ouf...

Cluster Active/Passive Fortigate-1500D 6.0.9 (AV, DLP, AppCtrl & IPS, DHCP, AlertMail, Fortiguard Web & AS, OSPF & RIPv2, SSL-VPN Portal Web and Tunnel) FortiAnalyzer-3000D 6.0.8 (Log, Syslog, Alert event, Quarantine & Report)

View solution in original post

donnat · ‎10-26-2014

I found this: diagnose debug crashlog read

2014-10-26 20:31:30 <03887> firmware FAZ3000D-5.0-build0345-141022 2014-10-26 20:31:30 <03887> application oftpd 2014-10-26 20:31:30 <03887> *** signal 11 (Segmentation fault) received *** 2014-10-26 20:31:30 <03887> Register dump: 2014-10-26 20:31:30 <03887> RAX: 0000000000000000 RBX: 00000000ffffffff 2014-10-26 20:31:30 <03887> RCX: 00007ffd1f20af97 RDX: 0000000000000001 2014-10-26 20:31:30 <03887> R8: 0000000000030006 R9: 0000000000030006 2014-10-26 20:31:30 <03887> R10: 0000000000000000 R11: 0000000000000206 2014-10-26 20:31:30 <03887> R12: 00007fff0f2d7170 R13: 00007ffd1de37050 2014-10-26 20:31:30 <03887> R14: 00007fff0f2d7130 R15: 00007fff0f2d70b0 2014-10-26 20:31:30 <03887> RSI: 00007fff0f2d7170 RDI: 0000000000030006 2014-10-26 20:31:30 <03887> RBP: 00007fff0f2d71b0 RSP: 00007fff0f2d70b0 2014-10-26 20:31:30 <03887> RIP: 00007ffd248b23c9 EFLAGS: 0000000000010246 2014-10-26 20:31:30 <03887> CS: 0033 FS: 0000 GS: 0000 2014-10-26 20:31:30 <03887> Trap: 000000000000000e Error: 0000000000000006 2014-10-26 20:31:30 <03887> OldMask: 0000000000000000 2014-10-26 20:31:30 <03887> CR2: 00007ffd1de37050 2014-10-26 20:31:30 <03887> Backtrace: 2014-10-26 20:31:30 <03887> [0x7ffd248b23c9] => ../../../lib/libfaz_base.so (quar_cache_open+0x00000229) liboffset 000553c9 2014-10-26 20:31:30 <03887> [0x004104a0] => /bin/oftpd 2014-10-26 20:31:30 <03887> [0x004114bd] => /bin/oftpd (main+0x0000023a) 2014-10-26 20:31:30 <03887> [0x7ffd1f16d0a4] => ../../../lib/libc.so.6 (__libc_start_main+0x000000f4) 2014-10-26 20:31:30

Super v5.0.9

Cluster Active/Passive Fortigate-1500D 6.0.9 (AV, DLP, AppCtrl & IPS, DHCP, AlertMail, Fortiguard Web & AS, OSPF & RIPv2, SSL-VPN Portal Web and Tunnel) FortiAnalyzer-3000D 6.0.8 (Log, Syslog, Alert event, Quarantine & Report)

donnat · ‎10-28-2014

If it can help another person, here's how to fix:

1) Restart OFTP to see if it corrects the problem: # diag test app oftpd 99 ===========> It's OK (Fortigate view now FortiAnalizer) 2) Clear crashlog and reboot # diagnose debug crashlog clear # diagnose debug crashlog read # execute rebootThe system will be rebooted. Do you want to continue? (y/n)y ===========> BUT AFTER REBOOT # diagnose debug crashlog read 2014-10-28 10:48:41 <13715> firmware FAZ3000D-5.0-build0345-141022 2014-10-28 10:48:41 <13715> application oftpd 2014-10-28 10:48:41 <13715> *** signal 11 (Segmentation fault) received *** 2014-10-28 10:48:41 <13715> Register dump: 2014-10-28 10:48:41 <13715> RAX: 0000000000000000 RBX: 0000000000003593 2014-10-28 10:48:41 <13715> RCX: 00007fc115c11000 RDX: 00007fc115c11000 2014-10-28 10:48:41 <13715> R8: dbdbdbdbdbdbdbdb R9: 0000000000000000 2014-10-28 10:48:41 <13715> R10: 0000000000000000 R11: 0000000000000206 2014-10-28 10:48:41 <13715> R12: 000000000000000c R13: 0000000000034735 2014-10-28 10:48:41 <13715> R14: 000000000000000c R15: 000000000000000c 2014-10-28 10:48:41 <13715> RSI: 00007fff50d25500 RDI: 0000000000030006 2014-10-28 10:48:41 <13715> RBP: 00007fff50d25520 RSP: 00007fff50d25500 2014-10-28 10:48:41 <13715> RIP: 00007fc11c68c10d EFLAGS: 0000000000010246 2014-10-28 10:48:41 <13715> CS: 0033 FS: 0000 GS: 0000 2014-10-28 10:48:41 <13715> Trap: 000000000000000e Error: 0000000000000004 2014-10-28 10:48:41 <13715> OldMask: 0000000000000000 2014-10-28 10:48:41 <13715> CR2: 00007fc115c11000 2014-10-28 10:48:41 <13715> Backtrace: 2014-10-28 10:48:41 <13715> [0x7fc11c68c10d] => ../../../lib/libfaz_base.so (qua r_cache_close+0x0000008d) liboffset 0005510d 2014-10-28 10:48:41 <13715> [0x004121a6] => /bin/oftpd (main+0x00000f23) 2014-10-28 10:48:41 <13715> [0x7fc116f470a4] => ../../../lib/libc.so.6 (__libc_s tart_main+0x000000f4) 2014-10-28 10:48:41 3) Rebuild quarantine database # diag dlp-archives rebuild-quar-db Warning! You are about to rebuild the Quarantine Cache DB. The main oftpd process and all processes connected with the Quaranine Cache DB will be killed. Do you want to continue? (y/n)y The SIGTERM signal was sent to 1 process(es). Done. The oftpd daemon will be restarted. 4) Clear crashlog and reboot # diagnose debug crashlog clear # diagnose debug crashlog read # execute rebootThe system will be rebooted. Do you want to continue? (y/n)y ===============> AND NOW AFTER REBOOT IS OK # diagnose debug crashlog read

Ouf...

Cluster Active/Passive Fortigate-1500D 6.0.9 (AV, DLP, AppCtrl & IPS, DHCP, AlertMail, Fortiguard Web & AS, OSPF & RIPv2, SSL-VPN Portal Web and Tunnel) FortiAnalyzer-3000D 6.0.8 (Log, Syslog, Alert event, Quarantine & Report)

Carsten_Buchenau · ‎11-20-2014

Excellent - thanks for sharing! You saved my day :)

Carsten Buchenau EDIFICE COMMUNICATIONS SA Lausanne, Switzerland