DescriptionThe "sumreportsd" process ("summary reports daemon") is responsible for computing data for drill down widgets configured in the dashboard.These are:
- Top Web Traffic
- Intrusion Activity
- Virus Activity
- Top FTP Traffic
- Top Email Traffic
- Top IM/P2P Traffic
- Top Traffic
By default, it is not computing any data, and none of these drill down widgets are enabled in the configuration.
Depending on the hardware platform or on the amount of logs present in the FortiAnalyzer, "sumreportsd" may consume a considerable amount of CPU when running and may run for a considerable amount of time (from a few minutes, to hours, or even longer if it has to compute new data while still processing old ones). The resulting effect is that drill down widgets may be empty or not up to date.
Below is an example of high CPU usage on the FortiAnalyzer.
Run Time: 59 days, 13 hours and 16 minutes 7U, 0N, 11S, 80I; 2027T, 1866F, 0KF sumreportsd 394 R 36.4 0.4 fortilogd 367 S 1.1 1.3 cli 27152 S 1.1 0.5
Run Time: 59 days, 13 hours and 16 minutes 52U, 0N, 18S, 28I; 2027T, 1870F, 0KF sumreportsd 394 D 99.9 0.2 logfiled 353 D 2.5 0.1 oftpd 379 S 0.8 0.4 |
ScopeFortiAnalyzer software version 4.00 MR3.
FortiAnalyzer with drill down widgets enabled.SolutionIn case of high CPU usage and depending on the current environments on the FortiAnalyzer, it is possible to:
- Change the Device being monitored (All FortiGates by default) to only the one(s) needed.
- Reduce the Time Scope to a lower one (Hour or Day).
- Disable all drill down widgets from all admin accounts if not sufficient.