days for generating a report on FAZ 400C

ksm · ‎04-04-2016

Hi,

we have this kind of issues on our FORTIANALYZER since we have it, but actually it is extremly slow for generating reports, even very small ones. So It is difficult to understand. Generate a report can take until 14 days for 10 pages...

Could you telle me if there is any way to troubleshoot for one report how it has be made ?

Thanks in advance for the advices.

FAZ 400C

Logs /sec : often below the sustained Log rate of 200Actual Log insert time 14000 seconds. ( Working on a report for quite 3 days... )

Number of devices : 75 / 300 allowed

Gb / day : 2.41 / 15 Licensed

Firmware : v5.2.5-build3175 160119 (GA)

JS

ksm · ‎04-12-2016

Hi Hz,

We use monthly reports, actually nothing changed, the pending is growing very slowly :

FortiAnalyzer-400C # dia test app sqlrptcached 2 Number of log table read: all=4170(fortiview=2016, rpt=2154) pending=1923 Number of log table done: all=4169(fortiview=2016, rpt=2153)

I ask myself if we should not simply rebuild the database as it is explained in this KB : http://kb.fortinet.com/kb/documentLink.do?externalID=FD36458

I also saw something concerning the storage, maybe we have a storage issue ?

Total: 71 log devices, used=491253MB quota=754000MB ADOM Name ADOM OID Type UsedSpace(database) Quota(database) % Used root 3 FGT 280415MB 249720MB 112.29% rootp 10 FGT 0MB 0MB 0.00% FortiMail 1034 FML 5126MB 6000MB 85.43% FortiCache 1036 FCH 0MB 0MB 0.00% FortiWeb 1037 FWB 0MB 0MB 0.00% Syslog 1039 SYS 4195MB 6600MB 63.56% FortiClient 1040 FCT 0MB 0MB 0.00% FortiAnalyzer 1041 FAZ 0MB 0MB 0.00% FortiSandbox 1043 FSA 0MB 0MB 0.00% FortiCarrier 1045 FGT 0MB 0MB 0.00% Trapil 1239 FGT 111684MB 183600MB 60.83% FortiManager 1512 FMG 0MB 0MB 0.00% Total database usage: 12 ADOMs, used=401420MB quota=445920MB 90.02%. Total Quota Summary: Total Quota(MB) Allocated(MB) Available(MB) Allocate% 1690399 754000 936399 45 % System Storage Summary: Total(MB) Used(MB) Available(MB) Use% 1877791 656739 1221052 35 % Reserved space: 187392MB (10% of total space).

Before opening a case, I prefer trying doing things by myself if possible :)

Rebuilding database and less devices quotas could be good to do according to you ?

JS

ksm · ‎04-13-2016

Hi hz,

thanks for your reply, I have to plan this with my boss, I will update this thread as soon as possible.

See you

JS

ksm · ‎04-12-2016

I forgot to tell you something.

For storage issue, we can see that root database is overquota.

Then, here is the status of rebuild, it is old, isnt it ?

FortiAnalyzer-400C # diagnose sql status rebuild-db Rebuilding log SQL database accomplished on Thu Sep 4 11:41:38 2014

JS

hzhao_FTNT · ‎04-12-2016

Yes, you can try rebuild DB for sure. After rebuild DB, you can try to run the first report, this could take long time to finish, because all cache tables will be created during report running. But you will see must shorter time after the first report.

Regards,

hz

ksm · ‎04-14-2016

Hi hz,

the rebuild is achieved. I have made some tests, I have understood the cause of my empty reports. It is due to a report group bad setup apparently. By rebuilding the cache for one week, ask for the week concerned report, after deleting report group setup, I have a report in one minute and 48 seconds. For me it is OK.

Could you give me an example of a working report group setup please ?

Thanks a lot in advance for your help.

JS

hzhao_FTNT · ‎04-14-2016

Hi JS,

I just noticed the "group by" has wrong config in you setting.

please try:

config system report group edit 1 set adom "Trapil" config group-by edit devid next edit vd end set report-like Rapport next edit 2 set adom root set case-insensitive disable config group-by edit devid next edit vd end set report-like "RAPPORT MENSUEL" end

regards,

hz

ksm · ‎04-14-2016

Hi hz,

thanks for your reply, I will test the report group conf you gave to me next week, because I relaunched all my reports to give them to my customers. It is working actually.

I will inform you about report group certainly in 15 days for the monthly reports of last April month.

Thanks a lot for your help.

Best regards.

JS

Mikael_A · ‎04-19-2016

Hello!

We have the same problem. We also have a 400C with about 600GB of logs for roughly 17 devices.

Reports that we generate (although alot of graphs) takes 2-3 days per device for the last month.

The problem I have concluded is that the hardware is shit slow. Nothing more to it. It can´t handle it well. The 400C as I see it is fit for 1 device, maby 2. Not more.

Fortunatly we have a new VM, custom built on our way in. Benched it yesterday and got the same report in 16 min.

ksm · ‎04-19-2016

Hi hz,

how are you ? :)

I have put you in attachment the report group test I have prepared for next month reports. Is this correct for you ?

5 Devices, trough the quite common title of reports, have been chosen for the test :

config system report group edit 1 set adom "root" set case-insensitive disable config group-by edit "devid" next edit "vd" next end set report-like "RAPPORT MENSUEL C" next end

JS

ksm · ‎05-09-2016

hi hz,

For me it is solved. I have had all my reports. And my 5 devices in a report group got me quick reports and not empty this time. I have to generalize the configuration.

Thanks again !

Cheers :)

JS