Deleting and Rebuilding FortiAnalyzer SQL Database

Sometimes an upgrade does not update the SQL database correctly, and reporting does not work properly because of missing or misnamed columns and/or indexes.
Running “exec sql-local rebuild-db” is the first option; if that does not solve the problem, deleting and rebuilding the database is the next step.

Solution:

Remove the SQL database and rebuild it:

1) Change the operating mode to collector.
    #config system global
    #set log-mode collector
    #end

2) Disable SQL and remove existing database.
    #config system sql
    #set status disable
    #end
    #execute sql-local remove-db

3) Re-enable SQL.
    #config system sql
    #set status local
    #end

4) Change the operating mode back to analyzer.
    #config system global
    #set log-mode analyzer
    #end

5) Rebuild the database.
    #exec sql-local rebuild-db

Notes:

    (1) The rebuild-db command causes the device to reboot; the rebuild starts once the device is back up.
    (2) Use the command ‘diag sql status rebuild-db’ to show the rebuild status.
    (3) The time required to rebuild the database depends on the volume of logs stored on the device.
    (4) Although this procedure does not remove any log files, it is recommended to back up the log files as a precaution.
