rulirahm
New Contributor

What do these errors mean?

Hi, currently we are using a FortiAnalyzer-1000B to analyze and report on log data from a Fortigate 800. We received errors in the Alert Message Console widget:

1. "The log disk has not been checked for errors for 57 mounts. You should run 'diag sys file-system fsfix'. If unsuccessful, you can also try running 'diag sys file-system fsrebuild'."
What if I try to run 'diag sys file-system fsfix' or 'diag sys file-system fsrebuild'? Is my FA going to be just fine? What are the risks if these commands (the commands must be run from the CLI Console, right?) fail to run? And how long will these commands take to execute? (Our FA hard disk's size is 916.89GB (Usage: 5.22GB of 916.89GB).)

2. "The configured primary DNS server is not reachable. A valid DNS server is required for resolving IP addresses to hostnames in reports." "The configured secondary DNS server is not reachable. A valid DNS server is required for resolving IP addresses to hostnames in reports."
I've tried to use local and supplied DNS (DNS supplied by our ISP). But we still received the same errors. How to fix it?

3. "Failed to transfer file 1503:1628870483:104 to FortiAnalyzer: No such file or directory." "The system has deactivated session fail mode" "The system has entered conserve mode" "The system has activated session fail mode" "The system has entered system conserve mode" "The system exited conserve mode"
We received tons of these errors. What do they mean and how do we fix them?
ede_pfau
SuperUser

Hi, and welcome to the forums! You seem to have serious trouble with your FAZ. First of all, I would recommend you get professional help to guide you. Depending on your service contract you may open a support case with Fortinet, especially if it includes phone support or web chat.

1. File system errors. You should take precautions for an extended downtime of the FAZ and execute the first diag command from the CLI. This is like a 'fsck' on a UNIX machine, meaning it might take some time. I will not give in to estimate what that would be in your case, more likely hours than minutes. This should fix the apparent file system errors. It looks to me like you've had a lot of power outages which made the FAZ reboot. Could that be the case here?

2. It's just what it says. Either the DNS addresses are wrong or the FAZ cannot connect to them. The route to the DNS might be missing, or a firewall in between might block this traffic... there are many options but all of them are straightforward and you should be able to resolve this.

3. Your FAZ ran out of memory. If memory usage increases beyond 80% the FAZ (like a Fortigate) begins to shut down less important services. During this emergency situation a file needed to be quarantined or a log file had to be rolled over and the device just couldn't do it. You should check what makes the FAZ go screaming like this. It is definitely not a situation to live with and ignore.
Ede Kernel panic: Aiee, killing interrupt handler!
rulirahm
New Contributor

> Hi, and welcome to the forums!
Thank you for the warm welcome.
> You seem to have serious trouble with your FAZ.
That's what I'm worried about.
> First of all, I would recommend you get professional help to guide you. Depending on your service contract you may open a support case with Fortinet, especially if it includes phone support or web chat.
To be honest, I'm new to FAZ. FYI, the firmware version of our FAZ is: FortiAnalyzer-1000B v4.0,build0208 (MR2 Patch 1), and its VM Plugins and VM Engine are: VM Plugins 0.000 (Updated 2005-11-01), VM Engine 0.000 (Updated 2005-11-01). It's quite an old version, right? Looks like my boss didn't want to continue purchasing a license or contract from Fortinet Technical Support. But I'll ask him to continue receiving updates as soon as I know how to operate the FAZ. BTW, is the firmware of our FAZ the latest version right now (FortiAnalyzer-1000B v4.0,build0208 (MR2 Patch 1))? Where can I find, or how can I know, the latest firmware releases for Fortinet's products? And will upgrading firmware (especially for our FAZ) cost us anything?
> It looks to me like you've had a lot of power outages which made the FAZ reboot. Could that be the case here?
You're almost right. Because I'm new to FAZ, I very often rebooted the machine (FAZ) (from the web-based manager), such as when trying to change the database storage from Local database to the default proprietary indexed file storage system. Our FAZ's default setting for storing the log data is Local database (PostgreSQL). I'm very often doing this (changing the database location and rebooting the machine) because, as the manual said (FortiAnalyzer™ Administration Guide Version 4.0 MR2 21 March 2011 Revision 13),
> You can only add a Top Traffic/Top Web Traffic/Top Email Traffic/Top FTP Traffic/Top IM/P2P Traffic/Virus Activity/Intrusion Activity widget when you selected the proprietary indexed file storage system
Every time I tried to change the database storage location, I rebooted the machine. And it looks like nothing changed in our FAZ's traffic (Top Traffic/Top Web Traffic/Top Email Traffic/Top FTP Traffic/Top IM/P2P Traffic/Virus Activity/Intrusion Activity widget). Just the same. Or should I follow the guide revision 5 (FortiAnalyzer™ Administration Guide Version 4.0 MR2 10 June 2010 Revision 5)? I also have another question. Sometimes, I can view the expanded details for one of the widget's items by clicking the + button (viewed by Device, Destination, Log Details etc.). Very often I can't view them. Only two widgets always let me view all of their expanded details: Virus Activity and Intrusion Activity. Is that how it goes? Because I can't view the other widgets' details, I also very often reboot the machine (I can only view them for a while (maybe 5 or 10 minutes)).
> You should take precautions for an extended downtime of the FAZ and execute the first diag command from the CLI. This is like a 'fsck' on a UNIX machine, meaning it might take some time. I will not give in to estimate what that would be in your case, more likely hours than minutes. This should fix the apparent file system errors.
Is the machine/hard disk going to be OK? I mean, it will not end up in error (our FAZ can't operate anymore)?
> It's just what it says. Either the DNS addresses are wrong or the FAZ cannot connect to them. The route to the DNS might be missing, or a firewall in between might block this traffic... there are many options but all of them are straightforward and you should be able to resolve this.
I've asked our network team and they said a firewall blocked the traffic.
> Your FAZ ran out of memory. If memory usage increases beyond 80% the FAZ (like a Fortigate) begins to shut down less important services. During this emergency situation a file needed to be quarantined or a log file had to be rolled over and the device just couldn't do it. You should check what makes the FAZ go screaming like this. It is definitely not a situation to live with and ignore.
How do I check it? I'm new to FAZ. I just read the manual. Maybe I'll ask my boss to get me technical training on the FAZ.
ede_pfau
SuperUser

Hi, I don't think your FAZ is outdated. It's a recent model, one of the bigger ones, and running recent firmware. The entries for "VM" indicate the status for Vulnerability Management. This service has to be purchased/licensed separately. It's not necessary for logging and analysis. Try to find out what your service level is. Maybe you are entitled to support but just don't know it.

I can only recommend what I would do about the file system message: run the diag command and wait until the disk is fixed. A flaky file system will not grow better over time. I don't think that you might not get your disk back. Save your configuration beforehand! From what you reported I guess that there is just an internal reboot counter which triggers after (say) 50 reboots. Then the diag file system check would be a precaution only but nevertheless worth doing. In general, be gentle with the machine and reboot only if absolutely necessary. Databases don't like that much. In normal circumstances it would take years to reboot a FAZ 57 times...

Please read into the Admin Guide again about the file system choices. In my understanding the 'internal indexed file system' is identical to the 'Local database'. Only recently Fortinet introduced the option to store the data in a SQL database (both internally and externally). This allows a lot more detail in analyzing but it doesn't run with the 'old' reports - you'll have to build your reports from scratch. (So I reverted back to the Local DB after trying it out.)

Regarding the widget, some allow for drill down and others don't. I haven't noticed yet that if I view details that I cannot do so after a couple of minutes.

Re: DNS, try to fix that or have it fixed. There is no apparent reason why the FAZ wouldn't have access to DNS. IMHO your team shouldn't stop at telling you but fix it ASAP.

Re: memory. Watch the dashboard. Usually a 1000B can handle a large amount of traffic, like a couple of hundred logs per second. Depending on the number of FGTs that log to the FAZ their log settings might be a little bit too 'chatty'. (One more thought: maybe the FAZ is busy checking all the databases after one of the frequent reboots, and before it is done the next reboot occurs. Let it settle for a couple of hours just to be sure.) HTH.
Ede Kernel panic: Aiee, killing interrupt handler!
rwpatterson
Valued Contributor III

For what it's worth, my FAZ 800 can easily keep pace with my 1000a A-A setup with lots of traffic being shoved at it. Like Ede said, depends on how many devices are pointing at it as well as how much logging is being done overall. Not sure how long you've had that device, but find out which file system is being written to. ReiserFS is the old one, and should be upgraded. From the CLI,
FAZ-800 # diagnose sys fsystem    
 Log disk partition table type is MSDOS.
 Log disk is ext3 file system.
 Log disk directories are indexed.
Hope that helps.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

ede_pfau
SuperUser

Nice info about the diag sys fsystem, thanks. You're right about the file system - I forgot that there had been a change some time ago. Of course one should quit using the ReiserFS by now. Must have been 2 years ago or something like that. Just not to confuse file system with database format: OP was talking about the DB format. AFAIK there is a 'built-in' format and recently SQL. If he is not using advanced report customization I'd recommend he sticks with the Fortinet format. Even more so if he's a novice user.
Ede Kernel panic: Aiee, killing interrupt handler!
ede_pfau
SuperUser

@rulirahm: you posted so many questions I overlooked some. You get firmware updates on ftp://support.fortinet.com. You need a valid user account to log in. You can create one if you have a valid support contract. Updates (even to major versions) are for free, then. For FAZ, 4.2.4 is the most recent version (build 226), April 20, 2011. For many 4.2.3 is current enough so don't worry.
Ede Kernel panic: Aiee, killing interrupt handler!
rwpatterson
Valued Contributor III

When I reformatted my FAZ to ext3, it went from snail to bullet on access. Could be part of the issue.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

rulirahm
New Contributor

I was wrong. I read "The log disk has not been checked for errors for 57 months" in the message "The log disk has not been checked for errors for 57 mounts." My mistake. Oh yes, thank you very much for the information about
> 'internal indexed file system' is identical to the 'Local database'
> Regarding the widget, some allow for drill down and others don't.
About the DNS, I think it was our company policy that won't allow it. And I think there is something wrong with the Alert Message Console widget. Normally, this widget will show the message There is no serious outstanding ..... or something like that, if no messages (Warning, Error, Critical, Emergency etc.) appear. I've uploaded the picture. I think I will try to run the command 'diag sys file-system fsfix'. I'll back up my FAZ configuration first. I hope that all of you guys will keep assisting, helping or guiding me regarding my FAZ.

Oh yes, how do I run a command in the CLI, like when I want to change the severity level of the alert message console to emergency? I always receive the error: command parse error before 'alert_console' Command fail. Return code 1 I've uploaded the picture also. I very often receive error messages like this, except for simple commands like execute ping etc. And because the Alert Message Console widget is not showing the "There is no serious outstanding ....." message anymore, I tried to run the command diagnose sys dashboard rebuild-reports, which I believe will fix my problem. But just the same :( Please help me...
ede_pfau
SuperUser

To measure file system 'wear off' in number of mounts does make sense, right?

Alert console: you typed the command with an underscore '_' whereas the correct syntax is with a hyphen '-'. To avoid this kind of misspelling get used to command completion. If you type the beginning letters of a command or an option and hit TAB then the command is completed with the next matching phrase. If you hit '?' then you get a list of possible continuations. This way you avoid mistyping, save a lot of keystrokes and you don't need the manual side-by-side just to look up the correct syntax.

And don't worry, this forum will stay here for some years to come... I'm sure you'll contribute one day as well.
Ede Kernel panic: Aiee, killing interrupt handler!