FortiAnalyzer
chall_FTNT
Staff
Article Id 196099

Description
In most cases, once a SQL rebuild has been initiated on a FortiAnalyzer, it is best to let it complete.

However, in some cases, it might be desirable to restart that SQL rebuild. 

One example of this is if you wish to restart the rebuild from a much later start-time.  In that case, not only would the rebuild be faster but the resulting database would be much smaller.

Solution
In the above example, you would first change the start-time from the default value.

config system sql
...
    set start-time 2000/01/01  #<-- change this to some later time & date
end

Current rebuild status:
FAZ92_5.0.10 # diag sql status rebuild-db
Rebuilding log SQL database has been processed 40%

Although it is not possible to cancel a rebuild, you can then just reissue the exact same rebuild command.

exec sql-local rebuild-db

After the resulting reboot, you can recheck the rebuild status. You will notice that it reflects a lower percentage, indicating that the rebuild has restarted.

After reboot:
FAZ92_5.0.10 # diag sql status rebuild-db
Rebuilding log SQL database has been processed 5%

Note: Rebooting a FortiAnalyzer during the rebuild process does not cancel the rebuild. The rebuild will resume from wherever it left off prior to the reboot.

Alternate Approach: Using rebuild-adom

Starting in FortiAnalyzer 5.2.2, it is possible to request the rebuild of only a single ADOM.
Here again, you can just reissue the same command.

First run:
FAZ300D # exec sql-local rebuild-adom root

Rebuild log SQL database of ADOM 'root' has been requested.
This operation will remove the log SQL database for ADOM 'root' and rebuild from log data.
Do you want to continue? (y/n)y

Request to rebuild ADOM 'root' sumbitted successfully.

FAZ300D #diag sql status rebuild-adom
...
root             percent: 52% bg-rebuild:Yes start:"Mon () 2015_06_01 16:54:10" took:138(s) remain:127(s)...

Second run:
FAZ300D # exec sql-local rebuild-adom root
...
FAZ300D # diag sql status rebuild-adom
...
root             percent:  0% bg-rebuild:Yes start:"Mon (1) 2015_06_01 16:56:41" took:1(s) remain:10(s)...

In this case, the time at which the rebuild request was submitted is displayed and shows as being later than the first attempt.
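
The comparison described above (a later start time on the second run) can be scripted against saved CLI output. This is an added example, not Fortinet code: the function names are hypothetical, and the regular expression assumes the line layout of the two sample status lines shown in this article.

```python
import re
from datetime import datetime

# Field layout taken from the two sample lines in this article only;
# other firmware versions may print the line differently (assumption).
STATUS_RE = re.compile(
    r'^(?P<adom>\S+)\s+percent:\s*(?P<percent>\d+)%\s+'
    r'bg-rebuild:(?P<bg>\w+)\s+'
    r'start:"\w+ \(\d*\) (?P<start>\d{4}_\d{2}_\d{2} \d{2}:\d{2}:\d{2})"\s+'
    r'took:(?P<took>\d+)\(s\)\s+remain:(?P<remain>\d+)\(s\)'
)

def parse_status(output):
    """Return {adom: fields} for every rebuild-adom status line in output."""
    result = {}
    for line in output.splitlines():
        m = STATUS_RE.match(line.strip())
        if not m:
            continue  # prompt lines, "..." and blank lines are skipped
        result[m["adom"]] = {
            "percent": int(m["percent"]),
            "background": m["bg"] == "Yes",
            "start": datetime.strptime(m["start"], "%Y_%m_%d %H:%M:%S"),
            "took_s": int(m["took"]),
            "remain_s": int(m["remain"]),
        }
    return result

def rebuild_restarted(before, after, adom):
    """True when the second capture shows a newer start time for the ADOM."""
    old, new = parse_status(before).get(adom), parse_status(after).get(adom)
    if old is None or new is None:
        raise ValueError(f"no rebuild status line for ADOM {adom!r}")
    return new["start"] > old["start"]

# The two captures shown in the article, pasted as-is.
FIRST_RUN = '''FAZ300D #diag sql status rebuild-adom
...
root             percent: 52% bg-rebuild:Yes start:"Mon () 2015_06_01 16:54:10" took:138(s) remain:127(s)...
'''
SECOND_RUN = '''FAZ300D # diag sql status rebuild-adom
...
root             percent:  0% bg-rebuild:Yes start:"Mon (1) 2015_06_01 16:56:41" took:1(s) remain:10(s)...
'''

if __name__ == "__main__":
    print(rebuild_restarted(FIRST_RUN, SECOND_RUN, "root"))
```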




