Hot!No Data in FortiView

Author
Boss2u
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/01/17 06:59:06
  • Status: offline
2020/01/17 08:00:46 (permalink)
0

No Data in FortiView

Hello,
I was having some issues with our FortiAnalyzer, so I spun up a new VM (Hyper-V) and started from scratch. Everything seems to be working, but I don't see any data in FortiView.
There is plenty of free space and I have been running the newly configured FortiAnalyzer for about 3 weeks now.
Do I need to purchase an additional license in order for this part to work/show data?
 
#1
skyhigh
Silver Member
  • Total Posts : 74
  • Scores: 4
  • Reward points: 0
  • Joined: 2004/03/04 15:23:31
  • Status: offline
Re: No Data in FortiView 2020/01/17 09:23:32 (permalink)
5 (1)
No additional license is required for FortiView.  You might want to confirm that the FortiAnalyzer is receiving logs.  Check "Log Browse" for new logs.   Once the logs are received, they will be inserted into the SQL database (thereby generating "analytic" logs).   It is analytic logs which are displayed in Lop View & FortiView.
 
You mention that there is enough space -- also make sure the minimum requirements in terms of memory & CPU count have been allocated to the VM.
 
https://docs.fortinet.com/vm/hyper-v/fortianalyzer/6.2/fortianalyzer-vm-on-hyper-v/6.2.0/583600/minimum-system-requirements
 
i.e., Minimum of 8G RAM & 4 CPU cores.  More for higher log rates.

Fortinet Technical Support
#2
brazz_FTNT
Gold Member
  • Total Posts : 101
  • Scores: 26
  • Reward points: 0
  • Joined: 2018/02/20 15:09:34
  • Status: offline
Re: No Data in FortiView 2020/01/17 09:51:01 (permalink)
0
Hello, 
 
Also what is the version of your FAZ ?
 
Thanks
 
 
#3
Boss2u
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/01/17 06:59:06
  • Status: offline
Re: No Data in FortiView 2020/01/17 09:59:23 (permalink)
0
I am receiving logs in LogView.
I have dedicated 8gigs of ram and 4 processors to the VM.
Everything in the SOC dashboard (Top Threats, Treat Map, Compromised HOSTS, etc...) show "no data".
 
#4
Boss2u
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/01/17 06:59:06
  • Status: offline
Re: No Data in FortiView 2020/01/17 10:01:55 (permalink)
0
I'm seeing all kinds of new logs in Log View and have 8gigs of ram and 4 processors dedicated to the VM.
 
#5
Boss2u
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/01/17 06:59:06
  • Status: offline
Re: No Data in FortiView 2020/01/17 10:05:28 (permalink)
0
v6.2.3-build12135 191218(GA)
#6
brazz_FTNT
Gold Member
  • Total Posts : 101
  • Scores: 26
  • Reward points: 0
  • Joined: 2018/02/20 15:09:34
  • Status: offline
Re: No Data in FortiView 2020/01/17 12:08:21 (permalink)
5 (1)
Couple of things to check:
-Is this a new setup?if not? what was the previous versions? Did you follow the proper update path...
diagnose cdb upgrade summary
-The version of your FGTs
-The time of your FAZ and your FGTS
-Do you get any realtime logs?
-any daemon has been crashed? 
diagnose debug crashlog read
-create a back up for your logs and rebuild the DB
https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD36255&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=83188280&stateId=1%200%2083186597%27)
 
 
FMG-08 # execute sql-local rebuild-db
Rebuild the entire log SQL database has been requested.
This operation will remove the log SQL database and rebuild from log data.
This operation will reboot the device.
Do you want to continue? (y/n)
 
be very careful and make sure you create a proper back up of your config, DB and logs. Even create a snapshot of your VM too. and then rebuild the DB. 
 
I would say create a ticket with the FAZ team to investigate the issue. 
Good Luck
#7
Boss2u
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/01/17 06:59:06
  • Status: offline
Re: No Data in FortiView 2020/01/17 13:22:08 (permalink)
0
Rebuilding the database has fixed the issue.
Thanks for the help brazz_FTNT.
#8
Jump to:
© 2020 APG vNext Commercial Version 5.5